linuxbuddies.com » User administration

Limiting FTP users to their home directory

Riyesh — Fri, 16 Jan 2009 15:22:01 +0000

Purpose

Unless the ftp users are limited to their home directories, they will able to access all files & folders on the server .

How to

Below you may see how this can done to 3 of the ftp servers used in common.

Pro-ftpd

vsftpd

pure-ftpd

Pure-ftpd

vi /etc/pure-ftpd.conf

And change the following line

ChrootEveryone=YES

pro-ftpd

vi /etc/proftpd.conf

DefaultRoot ~

Vsftpd

vi /etc/vsftpd.conf

chroot_local_user=YES

ubuntu internet sharing

Riyesh — Tue, 23 Dec 2008 12:52:53 +0000

The following will explain how to share your Internet connection:
Note: Type all the following commands in a root terminal, DO NOT use sudo.

1. Start by configuring the network card that interfaces to the other computers on you network:

# ifconfig ethX ip

where ethX is the network card and ip is your desired server ip address (Usually 192.168.0.1 is used)

2. Then configure the NAT as follows:

# iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE

where ethX is the network card that the Internet is coming from

# echo 1 > /proc/sys/net/ipv4/ip_forward

3. Install dnsmasq and ipmasq using apt-get:

# apt-get install dnsmasq ipmasq

4. Restart dnsmasq:

# /etc/init.d/dnsmasq restart

5. Reconfigure ipmasq to start after networking has been started:

# dpkg-reconfigure ipmasq

6. Repeat steps 1 and 2.
7. Add the line “net.ipv4.ip_forward = 1″ to /etc/sysctl.conf

# gedit /etc/sysctl.conf

8. Reboot. (Optional) or sysctrl -p

How to disable a specific command(s) for a certain user.

Riyesh — Mon, 22 Dec 2008 05:42:30 +0000

Please follow the below steps to disable a specific command(s) for a certain user.

# su – riyesh
$ which rm (Here rm command as an example)
$ mkdir ~/bin
$ ln -s /bin/* ~/bin/ (/bin is the PATH for rm)
$ rm -rf ~/bin/rm

Take the output of $PATH for this user

$ echo $PATH > MyPATH.txt

Edit this file and replace /bin with ~/bin

$ su -
# cat /home/riyesh/MyPATH.txt >> /home/rieysh/.bashrc

Change the permission of /home/riyesh/.bashrc
# chmod 444 /home/riyesh/.bashrc
# chattr +i /home/riyesh/.bashrc

That’s all.
But the user can reset the PATH variable anytime to overcome this.
Please comment with alternatives for this.

Screen command for Remote assistance and Administration

Riyesh — Mon, 22 Dec 2008 05:33:30 +0000

screen is a UNIX utility for giving remote assistance/administration. Suppose an unskilled colleague of your own is struggling with a server at some remote location with no idea of troubleshooting a problem.

If you are able to solve that with keeping your colleague to watch how you are sorting out the issues you can use screen.

First of all ask your colleague for the username which he used to login into that remote machine. Now you can login to that remote machine as the same user. Imagine username is engineer and IP of the remote machine is 192.168.1.1. Try the below

# ssh engineer@192.168.1.1

Then after getting logged in run the screen command to set a session named myscreen

$ screen -S myscreen

Now tell your colleague to type the below for attaching his screen to your screen.

$ screen -x myscreen

Thats it. Now he can watch whatever you type and vice versa.

Limit number of Shell logins by a USER or GROUP

Riyesh — Mon, 22 Dec 2008 05:31:08 +0000

ltiple Shell login by the same user on a Linux box you have to set a maximum number of logins in /etc/security/limits.conf for a user or a group.

For example:

# groupadd salesgroup
# useradd -G salesgroup salesman1
# useradd -G salesgroup salesmanager
# echo “@salesgroup – maxlogins 10? >> /etc/security/limits.conf
# echo “salesman1 – maxlogins 5? >> /etc/security/limits.conf

Here the group salesgroup can make a maximum of 10 logins at a time.
And the user salesman1 is limited to 5 simultaneous logins.