Limiting user accounts
s.ward at auckland.ac.nz
Sun Nov 7 18:28:36 UTC 2004
Phil Calvert wrote:
> I'm fairly new to the Linux world and I was wondering if this would work:
> Can I add /bin/false to /etc/shells and then set a user's shell (using
> chsh) to that? I want to limit a user's access to the box.
> What I'm doing with this limited account is this: I have set up a
> Samba server and I want to limit access for some users to only the
> Samba shares. I do want to have some security, so I don't just want to
> make the shares public - however, I would like to make sure that the
> users can't log into a shell. I've already added an AllowUsers to the
> sshd_config file so only I can ssh into the box. Now, I'd like to make
> sure that someone can't just wander by and physically log into the box.
I have a box that uses SCPONLY (http://www.sublimation.org/scponly/).
The users have access to Samba shares but can also access stuff offsite
etc. via ssh. scponly, however, limits ssh so only scp and sftp can be
used (no ssh shell), meaning they can't mess with stuff.

There is a way to set up smbusers as different from local users - so
they wouldn't have a shell at all. If you only want to let them use
Samba then changing the shell to /bin/false would do what you want. You
can edit the /etc/passwd file (use 'sudo vipw') to set the shell easily
- the last argument is the user's default shell.
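
Added example, not part of the original message: a small audit that reads a passwd-format file and lists the regular accounts whose shell field still allows an interactive login, so you can confirm the Samba-only users were actually switched. The function names, the list of no-login shell paths and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list accounts in a passwd-format file that still have a login shell.

# Shells treated as "no interactive login" (assumed list; adjust per system).
is_nologin_shell() {
    case "$1" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# login_capable_users FILE [MIN_UID]
# Prints the name of every account with UID >= MIN_UID (default 1000, the
# usual first regular-user UID on Ubuntu) whose shell field, the seventh
# and last colon-separated field, is not a no-login shell.
login_capable_users() {
    min_uid=${2:-1000}
    while IFS=: read -r name _pw uid _gid _gecos _home shell; do
        case "$name" in ''|\#*) continue ;; esac
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        # An empty shell field means /bin/sh, so it counts as a login shell.
        is_nologin_shell "${shell:-/bin/sh}" || printf '%s\n' "$name"
    done < "$1"
}

# Constructed sample data, not taken from a real system.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin1:x:1000:1000:Admin:/home/admin1:/bin/bash
smbalice:x:1001:1001:Samba only:/home/smbalice:/bin/false
smbbob:x:1002:1002:Samba only:/home/smbbob:/usr/sbin/nologin
smbcarol:x:1003:1003:Samba only:/home/smbcarol:
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
login_capable_users "$sample"      # prints admin1 and smbcarol
rm -f "$sample"
```

On a real system, run it as login_capable_users /etc/passwd; any Samba-only account it prints still has a usable login shell.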