How to create a read-only account?

Status
Not open for further replies.

JTan

Technical User
Oct 9, 2001
73
SG
Hi,

Is it possible to create a read-only account by adding some features in the /etc/passwd entry, or do we just have to add the user to a specific group and provide the group with only read access?

How about creating a ftp-only a/c?

Sorry, this may sound silly but I need to know more about the procedures.

Thanks!
 

Need a bit more info, read-only access to what? Specific files or filesystems, or application?

You'll need to use RBAC or native access control e.g. group membership. There are no options in /etc/passwd or /etc/shadow that will allow you to do this.

Dubbs.
 
I am referring to files now but I don't mind knowing the ways to filesystems as well. :)

 
Depending on the version of Solaris you are using I believe under the /etc/passwd you can use /bin/ftponly. You may want to do some reading on Sun's site but I vaguely remember some configuration such as that.

Sorry I couldn't be of more help.

-BP
 
To make an FTP only account, create a normal user account, but make the default shell be [tt]/usr/bin/false[/tt]. Then, if you have a file [tt]/etc/shells[/tt], add [tt]/usr/bin/false[/tt] to it.

That's it!

This will allow an FTP in to the account, but you won't be able to log in or even [tt]su[/tt] to it.

Hope this helps.
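
The FTP-only setup in the post above depends on two things at once: the account's shell gives no interactive session, and that shell is listed in [tt]/etc/shells[/tt]. The script below is an added example, not part of the original post, that audits a passwd file for that combination. The `classify_accounts` and `demo` names, the class labels, the list of no-login shells and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit which accounts are FTP-only under the scheme above.
# Assumption: the FTP daemon refuses users whose shell is not listed in
# /etc/shells, and the shells below never give an interactive session.
NOLOGIN_SHELLS="/usr/bin/false /bin/false /sbin/nologin /usr/sbin/nologin"

# classify_accounts PASSWD_FILE SHELLS_FILE -> prints "user:class" lines
classify_accounts() {
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in ''|'#'*) continue ;; esac
        # An empty shell field means the system default shell.
        if [ -z "$shell" ]; then shell=/bin/sh; fi
        listed=no
        if grep -qxF -- "$shell" "$2" 2>/dev/null; then listed=yes; fi
        nologin=no
        for s in $NOLOGIN_SHELLS; do
            if [ "$s" = "$shell" ]; then nologin=yes; fi
        done
        case $nologin:$listed in
            yes:yes) class=ftp-only ;;
            yes:no)  class=no-login-no-ftp ;;
            no:yes)  class=interactive+ftp ;;
            no:no)   class=interactive-no-ftp ;;
        esac
        echo "$user:$class"
    done < "$1"
}

# Constructed sample data, not taken from a real host.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
alice:x:1001:100:Alice:/export/home/alice:/bin/ksh
ftpdrop:x:1002:100:FTP drop box:/export/home/ftpdrop:/usr/bin/false
svc:x:1003:100:Service:/export/home/svc:/sbin/nologin
bob:x:1004:100:Bob:/export/home/bob:
EOF
    cat > "$dir/shells" <<'EOF'
/bin/sh
/bin/ksh
/usr/bin/false
EOF
    classify_accounts "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

To audit a real host, call `classify_accounts /etc/passwd /etc/shells` instead of `demo`.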

 
Depending on how you want to "control" the user, you should look into the commands [tt]chroot[/tt] and [tt]/usr/lib/rsh[/tt]. That [tt]rsh[/tt] is the restricted shell, not the remote shell. There's also a Korn shell version called [tt]rksh[/tt]. For more info on it...
[tt]
man -s1m rsh
[/tt]
Hope this helps.

 
Hi dUbbsNIX,

How should I go about using RBAC? What action should I include in the exec file?

 
I could be wrong, but I don't believe you can restrict a user id to do less using RBAC. The roles created in RBAC are for granting specific privileges or commands to users. It's to let a user do more, not restrict them to do less.

Hope this helps.

 

I respectfully disagree with SamBones to an extent re. RBAC.

It is true you use RBAC to prevent direct login, and grant abilities to user accounts; however, the correct configuration would obviously allow you to disallow these abilities to certain users by virtue of omission.

Make sense?
 