google cloud platform

Create non-root SSH user account and provide access to specific folders

This tutorial guides you on how to create non-root SSH user account and provide access to specific folders only in Linux. 

Create non-root SSH user account and provide access to specific folders

You should be able to create new SSH user and provide access to specific folders by running the following commands. First, execute the adduser command.

$ sudo adduser --home /home/sneppets/testdir/ --shell /bin/bash --no-create-home --ingroup sneppets demouser

Adding user `demouser' ...
Adding new user `demouser' (1002) with group `sneppets' ...
Not creating home directory `/home/sneppets/testdir/'.
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for demouser
Enter the new value, or press ENTER for the default
        Full Name []: demo user
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y

Where,

adduser is the command used to add new user.

–home is used to specify where user will be redirected to by default when they login.

–shell is to specify the shell as /bin/bash. By default it is /bin/sh if you don’t specify.

–no-create-home will not create a home directory with username as /home/demouser instead it will user the mentioned directory /home/sneppets/testdir/ which already exists.

–ingroup is to add new user to the specified group.

Finally, the last argument is the “username” of the user account which you wanted to create.

Note, if you wanted to create a group before creating non-root SSH user account, then you can run the below command.

$ sudo groupadd -f sneppets

After that, verify whether group “sneppets” is created or not.

$ groups

sneppets adm dip video plugdev google-sudoers

Once user account is created and user and group information is verified as shown below.

$ sudo groups demouser

demouser : sneppets

Then, follow the below section to provide read-write access for the specific folders for the user account created.

Allow user or a group read-write access to a directory

In this section let us see how to provide read-write access for the group “sneppets” where this “demouser” user belongs to. Therefore, the user would be able to perform read-write operations in the directory “/home/sneppets/testdir“.

To provide read-write access for the group to a specific folder, run the following commands.

$ pwd
/home/sneppets

$ ls
testdir

$ sudo chgrp sneppets ./testdir

$ sudo chmod g+rwx ./testdir

Note, you need to execute chgrp command, so that the directoryt “testdir” will be part of group “sneppets”. Then you need to execute chmod command, so that the group “sneppets” and user “demouser” will get read-write permissions to the folder “testdir”.

To test whether the new SSH user has write access you can follow this tutorial How to connect VM using private key and SFTP in WinSCP and try to copy files under folder “testdir”.

That’s it. You had learnt how to create non-root SSH user account and how to provide access to specific folders only in Linux.

Hope it helped 🙂

References

Leave a Reply

avatar
  Subscribe  
Notify of