View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions restricting access on debian
Log in to Ask a Question

restricting access on debian

development

Hi,

I'm new to sysadmin - I'm just a business guy with no real sysadmin knowledge. But I was trying to set up my debian distro on my linode and create a user account with restricted rights. I installed sudo. I figured out how to create a user and a group. But I could not figure out how to assign an alias (the "User_Alias" command did not work). I also could not figure out how to prevent the user using the "su" command (the "!su" didn't work). I don't know if I need to create an alias to do this, but the sites I read seemed to indicate that I do.

I looked at the man sudo pages/site but that didn't seem to have easy explanations

Does anyone know where I can see something for beginners to teach me how to do all of this. I need something that is clear and accurate and has good examples.

Thanks

6 Replies

The "su" command can only be used if the user has the password to the account they're trying to "su" to, so there's no point in restricting access to it.

The "sudo" command is only usable if the user is on the sudoers list, and preventing users on the sudoers list from using sudo defeats the purpose of it, so there's no point restricting access to it.

Thanks - I guess I need to do some reading or hire someone to teach me the basics

@Jackson1007:

and create a user account with restricted rights.
What exactly are you trying to restrict?

I guess there are two things:

1) I just hired a sysadmin to set up my servers, but I don't yet know if I want to keep him and I want to make sure that I can easily switch sysadmins if necessary, so i want to make sure that i have his access the way it should be - I assume there's some standard for "contractor" access

2) I have developers working on my site, but I'm not sure how long I'm going to keep them either. I want to make sure that they only have enough access to finish building the site (I'm moving from another host) and no more than that.

Thanks

@Jackson1007:

I guess there are two things:

1) I just hired a sysadmin to set up my servers, but I don't yet know if I want to keep him and I want to make sure that I can easily switch sysadmins if necessary, so i want to make sure that i have his access the way it should be - I assume there's some standard for "contractor" access

2) I have developers working on my site, but I'm not sure how long I'm going to keep them either. I want to make sure that they only have enough access to finish building the site (I'm moving from another host) and no more than that.

Thanks

1)To set up a server you need root access so your sysadmin can't do his job with restricted permissions.

2) Look into sftp jails http://library.linode.com/security/sftp-jails

Thanks

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct