Results 1 to 9 of 9
Thread: adding users, how
-
04-17-2004, 11:04 AM #1Junior Guru Wannabe
- Join Date
- Dec 2003
- Posts
- 55
adding users, how
Hey,
[freebsd 4.9, apache 2, php, mysql, proftpd ]
I don't have any hosting control panel.
Whenever I give web hosting for my user I am adding new user to the system. This lets them to execute 'weird' commends (don't forget they have php). I would like to change it.
Is there a way that would prevent users from executing system commends?
I heard that it would be possible to add users but don't give them home dirs, such as /home/username but /path/to/any/place/username, but this will not let me add quotes for accounts.
Lesmak Kruk
-
04-18-2004, 08:25 AM #2Junior Guru Wannabe
- Join Date
- Dec 2003
- Posts
- 55
just curious: is this is a secret that noone is responding me ?
-
04-18-2004, 11:06 PM #3Newbie
- Join Date
- Feb 2004
- Location
- California
- Posts
- 24
You can place the users in a special group, and then chgrp to that group on the only commands you want them to be able to use, then take permissions away from the “everybody” permission set. This way they will only be able to execute commands that you specify.
-
04-19-2004, 01:16 AM #4Newbie
- Join Date
- Feb 2003
- Posts
- 10
I would say the best way to accomplish this is to do the following:
1. Determine all of the commands you want the users to have access to.
2. Make a directory somewhere.. (lets say /home/genericuser)
3. In that directory, make a fake root directory structure, putting copies of the commands you want the users to be able to access and the libraries that are required by these in the corresponding pseudo-directory.
4. Make a group on your system for these users.
5. Change permissions to allow this group to only access these commands.
6. Configure the login for these users to use /home/genericuser as the root directory, so that users see that as their working area.
7. Fill in the gaps.. I'm just typing this up rather haphazardly, so there are undoubtedly big spaces in my logic. Maybe someone else can correct some items I may have overlooked here.
Cheers,
Nick
-
04-19-2004, 09:21 AM #5Junior Guru Wannabe
- Join Date
- Dec 2003
- Posts
- 55
Thanks for replay!
3. In that directory, make a fake root directory structure, putting copies of the commands you want the users to be able to access and the libraries that are required by these in the corresponding pseudo-directory.
-
04-19-2004, 02:43 PM #6Newbie
- Join Date
- Feb 2003
- Posts
- 10
Well to do this, you need to choose the commands first and then locate them in your filesystem. Note the directories they are in and then make pseudo-directories in another folder (i gave the example of a user folder in home). Then copy the programs and their libraries to these directories you created (to find out what libraries a program is linked to do a "ldd programname").
Cheers,
Nick"The knack of flying is learning how to throw yourself at the ground
and miss."
--Douglas Adams (Life, the Universe and Everything)
-
04-19-2004, 07:52 PM #7Junior Guru Wannabe
- Join Date
- Dec 2003
- Posts
- 55
well, but how can i find a list of commends users usually use, like defoult list or something like that?
-
04-23-2004, 01:46 PM #8Newbie
- Join Date
- Feb 2003
- Posts
- 10
you are going to have to ask yourself what programs you want to grant them....
ls
mkdir
chmod
chown
etc......
the only place off the top of my head I can think of a certain list you could find, are the commands that FTP servers grant logged in users. Other than that, you jsut have to decide what programs to do this for."The knack of flying is learning how to throw yourself at the ground
and miss."
--Douglas Adams (Life, the Universe and Everything)
-
04-23-2004, 02:07 PM #9Registered User
- Join Date
- Feb 2004
- Posts
- 76
let mark if it work let me know ?