Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: colins on November 17, 2008, 04:15:59 PM

Title: Restricted User Access
Post by: colins on November 17, 2008, 04:15:59 PM

 I found and old post in the SME Server forums from (copied below).  I want to do exactly the same thing (using SSH as a tunnel to run Telnet to another host on the network), and I figured out the same method, but I have 2 questions:
 
1. Every time I boot the SME Server, the passwd entries revert back to usr/bin/rssh, which denies the user access to the shell. Is there a solution for this?
2. Is there a way I can create a restricted user account, for example one that allows login to the shell, but will not accept any keystrokes?

Colin

---------------------------------------------------------------------
Could someone help me with the following I had read a posting 'from this forum' that stated the file /etc/passwd had the entry /bin/sshell for the user shell, and that If I wanted a user to be able to just telnet to e-smith, I could edit the passwd entry to /bin/bash, which worked.

    Question #1:  I use ssh on one of my other Linux RedHat v6.0 box's.  That system has the standard /home/ where I would create the .ssh2 subdirectory and place the .pub key in for ssh.  But with e-smith, I have no idea where to do this.  How/where do the user home directory's get created?  How do I set up ssh for a user ( myself ) to ssh to the server? I have seen that under /home/e-smith/files/users there are directories named after the user's I created, but there are no .bash_profile files?

    Questionc #2:  Does e-smith create .bash_profile files where I could place  alias's etc for that user?

    Is this possibly the answer to my questions, could it be that e-smith was not intended as a user/os where a normal user ( not root or admin ) can just log on and work?  that's why bash is not the default shell for new user's, and that's why there is no .bash_profile for the users, because e-smith wasn't intended for people to log in? I noticed that /root has a .ssh directory.  Is that for setting up a ssh2 account to access the server via a windows ssh client like Putty, or SecureCRT?
 
 
Thanks
 
Dave LaPorte.

Title: Re: Restricted User Access
Post by: David Harper on November 17, 2008, 08:10:35 PM

Try this for the login shell issue:

Code: [Select]

db accounts setprop [username] Shell /bin/bash
signal-event user-modify [username]

As for restrictions, AFAIK user shells do not have root privileges, so they cannot edit the e-smith database or do much that would be harmful. But you would need to test this.

Title: Re: Restricted User Access
Post by: colins on November 19, 2008, 09:57:22 AM

Yes, that did it, thanks very much!

Title: Re: Restricted User Access
Post by: cactus on November 19, 2008, 10:22:53 AM

Quote from: colins on November 17, 2008, 04:15:59 PM

I found and old post in the SME Server forums from (copied below).

Next time please provide the link. :-)