How to create limited user accounts in Linux
I want to create a user account for each of the key programs installed on my Debian server. For example, for the following programs:
- Tomcat
- Nginx
- Supervisor
- PostgreSQL
This seems to be recommended based on my reading online. However, I want to restrict these user accounts as much as possible, so that they don't have a shell login, don't have access to the other programs and are as limited as possible but still functional.
Would anyone mind telling me how this could be achieved? My reading so far suggests this:
    echo "/usr/sbin/nologin" >> /etc/shells
    useradd -s /usr/sbin/nologin tomcat
But I think there may be a more complete way of doing it.
EDIT: I'm using Debian Squeeze
bash security shell user-accounts
edited Sep 20 '12 at 15:28
James Willson
asked Sep 20 '12 at 14:44
James Willson
2 Answers
Which distro are you running? Good distros already set up their install scripts for such packages to create users specific to daemons that can benefit from running as a separate user. Some packages share a user where they need to cooperatively read/write on various files. But in all cases they tend to have nologin as their login shell, which is appropriate.
answered Sep 20 '12 at 15:06
allquixotic
Debian Squeeze - Added to first post too.
– James Willson
Sep 20 '12 at 15:28
I don't know whether it will help you or not, but have a look at this.
"I want to restrict these user accounts as much as possible, so that they don't have a shell login"
For this, before creating the user account, just edit the /etc/default/useradd file.
This:
    # useradd defaults file
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
To this:
    # useradd defaults file
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/nologin
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
After changing this, if you create a user account, it is not possible to log in to the system with any of those accounts.
That is because of this:
    user:x:1017:1017::/home/user:/bin/nologin   -----> /etc/passwd file entry
See here:
    [max@localhost ~]$ su - user
    Password:
    su: /bin/nologin: No such file or directory
    [max@localhost ~]$
You can get the same result by editing the /etc/passwd file directly; there is no need to edit the /etc/default/useradd file if there are only a few users.
Just change the last field.
This:
    user:x:1017:1017::/home/user:/bin/bash
To this:
    user:x:1017:1017::/home/user:/bin/nologin
edited Sep 29 '12 at 6:47
answered Sep 29 '12 at 5:41
max
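As an added example (not code from the question or either answer), this shell script shows one way to create a no-login system account with useradd and to audit the shell field of /etc/passwd for the accounts discussed above, flagging a refusing shell whose path does not exist, as in the su output shown. The function names, the /nonexistent home, the UIDs and the sample passwd tree are constructed for illustration, and /usr/sbin/nologin is assumed as the Debian path.

```shell
#!/bin/sh
# Added example. NOLOGIN is the Debian path (assumption; check `command -v nologin`).
NOLOGIN=/usr/sbin/nologin

# create_service_account NAME: run as root; defined but never called here.
create_service_account() {
    # -r system UID range, -U own group, -M no home directory created,
    # -d placeholder home, -s shell that refuses interactive sessions
    useradd -r -U -M -d /nonexistent -s "$NOLOGIN" "$1" &&
        passwd -l "$1"   # lock the password as well
}

# classify_shell ROOT SHELL: prints ok, broken or interactive.
# ROOT is "" for the live system, or the mount point of an image under audit.
classify_shell() {
    case $2 in
        */nologin|*/false)
            # a refusing shell that is missing blocks logins only by accident
            if [ -x "$1$2" ]; then echo ok; else echo broken; fi ;;
        *) echo interactive ;;
    esac
}

# audit_accounts ROOT NAME...: one line per account; returns 1 on any finding.
audit_accounts() {
    root=$1; shift; rc=0
    for name in "$@"; do
        # an empty shell field in passwd(5) means /bin/sh
        shell=$(awk -F: -v n="$name" \
            '$1 == n { print ($7 == "" ? "/bin/sh" : $7) }' "$root/etc/passwd")
        if [ -z "$shell" ]; then state=missing
        else state=$(classify_shell "$root" "$shell"); fi
        echo "$name: $state${shell:+ ($shell)}"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# make_sample_root: builds a constructed tree standing in for a server's root.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/usr/sbin" || return 1
    printf '#!/bin/sh\nexit 1\n' > "$d/usr/sbin/nologin"
    chmod +x "$d/usr/sbin/nologin"
    printf '%s\n' 'tomcat:x:998:998::/nonexistent:/usr/sbin/nologin' \
        'nginx:x:997:997::/nonexistent:/bin/nologin' \
        'postgres:x:996:996::/var/lib/postgresql:/bin/bash' > "$d/etc/passwd"
    echo "$d"
}

sample=$(make_sample_root) && {
    audit_accounts "$sample" tomcat nginx postgres supervisor || echo "review findings"
    rm -rf "$sample"; }
```

The script does not append nologin to /etc/shells, because that file lists the shells that chsh and some daemons treat as valid login shells.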