Results 1 to 9 of 9
  1. #1
    Join Date
    Dec 2003
    Posts
    55

    adding users, how

    Hey,

    [freebsd 4.9, apache 2, php, mysql, proftpd ]

    I don't have any hosting control panel.

    Whenever I give web hosting for my user I am adding new user to the system. This lets them to execute 'weird' commends (don't forget they have php). I would like to change it.

    Is there a way that would prevent users from executing system commends?

    I heard that it would be possible to add users but don't give them home dirs, such as /home/username but /path/to/any/place/username, but this will not let me add quotes for accounts.


    Lesmak Kruk

  2. #2
    Join Date
    Dec 2003
    Posts
    55
    just curious: is this is a secret that noone is responding me ?

  3. #3
    Join Date
    Feb 2004
    Location
    California
    Posts
    24
    You can place the users in a special group, and then chgrp to that group on the only commands you want them to be able to use, then take permissions away from the “everybody” permission set. This way they will only be able to execute commands that you specify.

  4. #4
    I would say the best way to accomplish this is to do the following:

    1. Determine all of the commands you want the users to have access to.
    2. Make a directory somewhere.. (lets say /home/genericuser)
    3. In that directory, make a fake root directory structure, putting copies of the commands you want the users to be able to access and the libraries that are required by these in the corresponding pseudo-directory.
    4. Make a group on your system for these users.
    5. Change permissions to allow this group to only access these commands.
    6. Configure the login for these users to use /home/genericuser as the root directory, so that users see that as their working area.
    7. Fill in the gaps.. I'm just typing this up rather haphazardly, so there are undoubtedly big spaces in my logic. Maybe someone else can correct some items I may have overlooked here.



    Cheers,
    Nick

  5. #5
    Join Date
    Dec 2003
    Posts
    55
    Thanks for replay!


    3. In that directory, make a fake root directory structure, putting copies of the commands you want the users to be able to access and the libraries that are required by these in the corresponding pseudo-directory.
    How can I put copies of the commends that I want users to be able to access to?

  6. #6
    Well to do this, you need to choose the commands first and then locate them in your filesystem. Note the directories they are in and then make pseudo-directories in another folder (i gave the example of a user folder in home). Then copy the programs and their libraries to these directories you created (to find out what libraries a program is linked to do a "ldd programname").

    Cheers,
    Nick
    "The knack of flying is learning how to throw yourself at the ground
    and miss."
    --Douglas Adams (Life, the Universe and Everything)

  7. #7
    Join Date
    Dec 2003
    Posts
    55
    well, but how can i find a list of commends users usually use, like defoult list or something like that?

  8. #8
    you are going to have to ask yourself what programs you want to grant them....


    ls
    mkdir
    chmod
    chown
    etc......


    the only place off the top of my head I can think of a certain list you could find, are the commands that FTP servers grant logged in users. Other than that, you jsut have to decide what programs to do this for.
    "The knack of flying is learning how to throw yourself at the ground
    and miss."
    --Douglas Adams (Life, the Universe and Everything)

  9. #9
    let mark if it work let me know ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •