Posts: 9
Threads: 2
Joined: Jun 2009
Reputation:
0
02-04-2010, 02:53 PM
(This post was last modified: 02-04-2010, 06:00 PM by Loading.)
BASIC INFO:
Server OS: CentOS 5
Processor: Intel Xeon 3.00 GHz, 2 processors
RAM: 8.00 GB
Game(s): 2 DOD:S servers
Question
Basically, all I want to know is how to add a new user that can both still use the terminal and FTP to the same dir. I don't want to use my privileged account for anything, really.
Posts: 1,127
Threads: 22
Joined: Sep 2008
Reputation:
10
Why do you post in the Linux forum if you are running Windows? Also, SSH is not implemented in Windows. Windows is noob-capable, so you would just configure a new FTP site with different users on it in the IIS manager.
Beat that with your fiber connections...
Posts: 2,031
Threads: 27
Joined: Nov 2008
Reputation:
17
If I understand you correctly, you want a user to be able to access only one directory? This is not easily done for a simple reason: ssh requires you to execute programs (like the shell or commands like ls), and they usually reside outside that directory. So you can't restrict access to one single directory.
What you can do is adjust your file permissions properly. Make sure all files/directories the other user shall not be able to read have the "other" permission bits set to 0 (i.e. run "chmod o-rwx -R <name>" on the directories). Then put the user and your "privileged" user into a newly created group (e.g. "gameserver") and change the group of all files the user should access to that one. Also adjust the permissions of those files and directories: "chmod ug+rwXs -R <name>". Additionally, you might want to change the global umask to 007 (the umask command is usually executed in /etc/profile for every user on login); that will make new files have permissions like 660 (i.e. unreadable by "other" users).
I hope that was somehow understandable... If not go ahead and ask :-) You might want to experiment a little with Linux rights in some unimportant directory to figure out how things work.
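An added example, not part of the original post: a small audit that checks whether a directory tree actually matches the scheme described above (no "other" access, shared group, setgid directories, umask 007 for new files). The temporary tree, the function names and the use of the current user's primary group in place of "gameserver" are assumptions made so it runs without root.

```shell
#!/bin/sh
# Added example (not from the thread). Tree and file names are constructed.

# make_sample_tree: build a throwaway tree with typical default modes.
make_sample_tree() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/cfg" && echo 'hostname "test"' > "$tmp/cfg/server.cfg"
    chmod 755 "$tmp" "$tmp/cfg" && chmod 644 "$tmp/cfg/server.cfg"
    echo "$tmp"
}

# apply_scheme DIR GROUP: the chgrp/chmod steps described in the post.
# Note: with -R the "s" also lands on regular files, not only directories.
apply_scheme() {
    chgrp -R "$2" "$1" && chmod -R o-rwx "$1" && chmod -R ug+rwXs "$1"
}

# audit_tree DIR GROUP: print each violation; return 0 only if none found.
audit_tree() {
    dir=$1 grp=$2
    bad=$(
        # 1) anything "other" can still read, write or execute
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) |
            sed 's/^/other-access   /'
        # 2) anything not in the shared group
        find "$dir" ! -group "$grp" | sed 's/^/wrong-group    /'
        # 3) directories without setgid: new files would not inherit the group
        find "$dir" -type d ! -perm -2000 | sed 's/^/no-setgid-dir  /'
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demo: the current user's primary group stands in for "gameserver",
# so no root is needed.
t=$(make_sample_tree) && g=$(id -gn)
audit_tree "$t" "$g" || echo "-> violations before the scheme is applied"
apply_scheme "$t" "$g"
( umask 007; : > "$t/cfg/new.cfg" )   # file created under the suggested umask
audit_tree "$t" "$g" && echo "-> clean, including the file created under umask 007"
rm -rf "$t"
```

Run against a real server directory as `audit_tree /path/to/server gameserver`; an empty result with exit status 0 means no path is reachable through the "other" bits and new files will stay in the shared group.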
Posts: 9
Threads: 2
Joined: Jun 2009
Reputation:
0
I think that cleared some things up, at least to the point of me better asking the question now. What I need to do is give other users access to the server for mostly FTP-related tasks (uploading and downloading files) that should only be to one dir (the game servers they need access to). Now I also need some users to have access to both the FTP and the ability to start and stop the server when they need to. I'm only giving access to SSH (no remote desktop). I'm going to go try things again with this new information.
Posts: 1,127
Threads: 22
Joined: Sep 2008
Reputation:
10
You could use SFTP; there's a program for that called WinSCP. It's very easy and useful.
Beat that with your fiber connections...
Posts: 1,127
Threads: 22
Joined: Sep 2008
Reputation:
10
You could add them with the useradd command.
Beat that with your fiber connections...
Posts: 779
Threads: 5
Joined: Apr 2008
Reputation:
9
Maybe you want to google RSSH:
rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.
Posts: 226
Threads: 2
Joined: Aug 2009
Reputation:
1
adduser blah
passwd blah
chsh -s /bin/false blah
Or you can use /sbin/nologin as their shell; false will not provide security unless you want to run a jail() isolation.
Posts: 2,031
Threads: 27
Joined: Nov 2008
Reputation:
17
Keep in mind: even if you restrict the access to scp/sftp (or even ftp) only, if the user can e.g. maintain a game server, he potentially can install plugins on it and thus gain any privileges the server is running with.
If you want to be safe and don't know exactly what you are doing, only grant access to trusted people. It is really difficult to prevent unauthorized access in those situations; even professional IT people don't get this right all the time.
Posts: 1,127
Threads: 22
Joined: Sep 2008
Reputation:
10
You will need to grant the new user SSH access to your server before it will be possible to browse the filesystem with that user.
Beat that with your fiber connections...