The command used is: useradd “name of the user” ..
Note – You must be logged in as root to add, delete, and modify users.
useradd -d /home/oracle -m oracle
- -d sets the home directory for the user (if other than the default, which is /home/"user's name")
- -m creates the home directory
The user will still have access to other folders...
When I log in with WinSCP and go to the home folder, I am able to copy the files from other directories on my desktop, which I don't want to give them access to.
Note: the folders which the user is able to access have 777.
Not sure if that is possible, since if anybody on that server decides that some files/directories should be open to all, this would include access from that user as well.
But the best thing you can do, I think, is this: create the user with a group that nobody else is also a member of. Obviously, this would be a new group.
That way, access rights of this user fall into category "other" which would limit things largely.
That's the best solution I can think of, from an OS view.
Maybe there are some FTP specific setups that achieve similar results, but the above is when you start from a normal user, normal security rules.
"Note : those folders which the user is able to access has 777."
Mode 777 on a directory = no security
It may be part of another discussion, but if somebody is setting 777's all across the filesystem, he/she needs a basic training in Unix/Linux
If you behold my last update, things would work just perfectly if those directories would be 770
Same for files
You should look at Access Control Lists and Security-Enhanced Linux as options for restriction.
You can configure ssh to allow certain users to use sftp or scp only and restrict their home directory.
The following should do the trick: (tested in OL 6.3)
1. Modify /etc/ssh/sshd_config (pretty much at the end of the file):
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftpgroup
2. Restart the ssh server:
service sshd restart
3. Create the home directory for sftpgroup:
mkdir -p /home/sftpusers/home
chown root:root /home/sftpusers
chown root:root /home/sftpusers/home
4. Add the sftpgroup to the system:
5. Create the user (any user):
adduser joeshmoe -g sftpgroup -s /sbin/nologin
chown joeshmoe:sftpgroup /home/sftpusers/home/joeshmoe
chmod 750 /home/sftpusers/home/joeshmoe
6. If you use SELinux (/etc/selinux/config)
setsebool -P ssh_chroot_rw_homedirs on
(this may take a while)
restorecon -R /home/$USERNAME
Test the login from another system:
$ ssh email@example.com
This service allows sftp connections only.
Connection to 10.0.2.5 closed.
$ sftp firstname.lastname@example.org
Connected to 10.0.2.5.
sftp> put testfile
Uploading testfile to /home/joeshmoe/testfile
testfile 100% 195 0.2KB/s 00:00
sftp> cd /
sftp> ls home
That's all. Takes about 5 minutes to set up. Good luck!
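A check for the jail built in steps 1 to 6, given here as an added example that is not part of the original answer. The ChrootDirectory and ForceCommand internal-sftp directives it looks for are assumptions (the post shows only the "Match Group sftpgroup" line), as are the function names, and ChrootDirectory is assumed to be a literal path without %h or %u tokens.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on Oracle Linux.

# Print the first argument of directive $2 inside the "Match Group $1" block
# of the sshd_config text on stdin; print nothing if it is absent.
match_directive() {
    awk -v grp="$1" -v key="$2" '
        tolower($1) == "match" { inblk = (tolower($2) == "group" && $3 == grp); next }
        inblk && tolower($1) == tolower(key) { print $2; exit }'
}

# sshd refuses a ChrootDirectory unless every component of the path is owned
# by root and not writable by group or other. Walk from $1 up to $3 (default /)
# and print each offender. $2 = expected owner uid (default 0); $2 and $3 exist
# so the check can be exercised on a scratch tree without root.
audit_chroot_path() (
    dir=$1 uid=${2:-0} top=${3:-/} bad=0
    while :; do
        [ -d "$dir" ] || { echo "$dir: not a directory"; exit 1; }
        owner=$(stat -c %u "$dir"); mode=$(stat -c %a "$dir")
        [ "$owner" = "$uid" ] || { echo "$dir: owner uid $owner, expected $uid"; bad=1; }
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "$dir: mode $mode is group/other writable"; bad=1; }
        case $dir in "$top"|/) break ;; esac
        dir=$(dirname "$dir")
    done
    [ "$bad" -eq 0 ]
)

# Audit the Match block for group $2 in sshd_config file $1 and its chroot path.
audit_sftp_jail() (
    rc=0
    chroot=$(match_directive "$2" ChrootDirectory < "$1")
    force=$(match_directive "$2" ForceCommand < "$1")
    [ "$force" = internal-sftp ] || { echo "Match Group $2: ForceCommand internal-sftp missing"; rc=1; }
    if [ -z "$chroot" ]; then echo "Match Group $2: ChrootDirectory missing"; rc=1
    else audit_chroot_path "$chroot" "${3:-0}" "${4:-/}" || rc=1; fi
    [ "$rc" -eq 0 ]
)

# Constructed demo: scratch jail plus a constructed Match block, audited once
# as set up in step 3 and once after the mode-777 mistake discussed earlier.
demo() (
    tmp=$(mktemp -d); mkdir -p "$tmp/sftpusers/home"; chmod 755 "$tmp/sftpusers"
    printf 'Match Group sftpgroup\n ChrootDirectory %s\n ForceCommand internal-sftp\n' "$tmp/sftpusers" > "$tmp/sshd_config"
    audit_sftp_jail "$tmp/sshd_config" sftpgroup "$(id -u)" "$tmp" && echo "jail accepted"
    chmod 777 "$tmp/sftpusers"
    audit_sftp_jail "$tmp/sshd_config" sftpgroup "$(id -u)" "$tmp" || echo "jail rejected"
    rm -rf "$tmp"
)
demo
```

On the server itself, run as root: audit_sftp_jail /etc/ssh/sshd_config sftpgroup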