New user in Solaris 11 to allow SFTP only

We want to create a new user and enable the following:
1. This user should be able to use only SFTP; SSH shall not be allowed.
2. This user should not be able to go to any other directory.

Hello
I think this doc can help with point 2. But ssh won't be able to go out of the chroot directory:
How to setup a chroot ssh/sftp environment in Solaris 10 (Doc ID 1399023.1)
Regards
Eze

Similar Messages

  • Problem while creating a new user on solaris

    I have a Sun Ultra machine. Solaris 2.6 is installed on this machine.
    I have successfully created a new user on this machine using "admintool".
    The problem is I'm getting error messages when I'm trying to update the NIS database.
    I'm doing:
    #cd /var/yp
    #/usr/ccs/bin/make
    and the response is:
    updated passwd
    pushed passwd
    make:Warning:Don't know how to make target /etc/ethers
    Current working directory /var/yp
    make:Warning:Don't know how to make target /etc/netgroup
    Current working directory /var/yp
    make:Warning:Don't know how to make target /etc/bootparams
    Current working directory /var/yp
    updated netid
    pushed netid
    Couldn't find /etc/timezone
    make:Warning:Target all not remade because of errors.
    Current working directory /var/yp

    I had a similar problem with new users on Solaris 8.
    I wasn't able to add new users and change the shell variable while using admintool.
    Logging back in on the console would simply not happen.
    All I've been able to find is that changing the user's variables, i.e. .login or .profile, to match those of a working existing user (root)
    would skip over the problems.
    Other variables in the skeleton files were helpful. I suggest you take a look at them.

  • Password/special characters policy for creating a new user in Solaris

    Hi,
    Can anyone please advise me on the following issue?
    I tried to enforce a new policy on the Solaris box where, when a new user is created, the name should include a minimum of 1 or 2 numeric characters, for example:
    useradd testing <<<<<<<<<<<<<< not allowed
    useradd testing123 <<<<<<<<<<<<<< okay
    My /etc/default/passwd:
    MINALPHA=4
    MINDIFF=7
    MINDIGIT=1
    MINSPECIAL=1
    MINUPPER=2
    MINLOWER=2
    MAXREPEATS=1
    WHITESPACE=YES
    NAMECHECK=YES
    DICTIONDBDIR=/var/passwd
    DICTIONLIST=/usr/share/lib/dict/words
    HISTORY=12
    MINWEEKS=NONE
    MAXWEEKS=4
    WARNWEEKS=NONE
    PASSLENGTH=8

    You might want to write a local account creation script which checks that account names comply with your policy before executing useradd to actually create the account. Tell your staff to use that script to create new accounts instead of using useradd directly. Of course, it could also check other aspects of your local policy as well.
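    As an added example (not code from the thread), here is a minimal wrapper of the kind the reply describes: name_ok checks a login name against a local policy, and policy_useradd refuses to call useradd unless the name passes. The policy values NAME_MAXLEN and NAME_MINDIGIT are assumptions chosen for illustration. Note that MINDIGIT and the other keys in /etc/default/passwd govern password complexity, not login names, which is why useradd on its own accepts a name such as "testing".

```shell
#!/bin/sh
# Added example, not from the forum thread: enforce a local account-name
# policy in front of useradd. NAME_MAXLEN and NAME_MINDIGIT are illustrative
# assumptions; override them in the environment to match your site policy.
NAME_MAXLEN=${NAME_MAXLEN:-32}
NAME_MINDIGIT=${NAME_MINDIGIT:-1}

# name_ok NAME
#   Returns 0 if NAME complies with the policy, 1 otherwise (reason on stderr).
name_ok() {
    name=$1
    case "$name" in
        "")            echo "empty name" >&2; return 1 ;;
        [!a-z]*)       echo "must start with a lowercase letter" >&2; return 1 ;;
        *[!a-z0-9_-]*) echo "only a-z, 0-9, _ and - are allowed" >&2; return 1 ;;
    esac
    if [ "${#name}" -gt "$NAME_MAXLEN" ]; then
        echo "longer than $NAME_MAXLEN characters" >&2; return 1
    fi
    # count the digits: delete everything that is not 0-9 and measure the rest
    digits=$(printf '%s' "$name" | tr -cd '0-9' | wc -c | tr -d ' ')
    if [ "$digits" -lt "$NAME_MINDIGIT" ]; then
        echo "needs at least $NAME_MINDIGIT digit(s)" >&2; return 1
    fi
    return 0
}

# policy_useradd NAME [useradd options...]
#   Runs /usr/sbin/useradd with the given options only if NAME passes name_ok.
#   Example: policy_useradd testing123 -g staff -d /export/home/testing123 -m
policy_useradd() {
    name=$1
    shift
    name_ok "$name" || { echo "useradd refused for '$name'" >&2; return 1; }
    /usr/sbin/useradd "$@" "$name"
}
```

    Staff run policy_useradd instead of useradd directly; a non-compliant name stops the script before any account is created, so the check cannot be bypassed by a typo in the options.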

  • Solaris 10 and create new user

    I have got Solaris 10 and I want to create a new user (through the command line and the GUI). Is there any guideline on the net that shows me step by step how to create a user?
    I had created a user, but I could not log in as that user; I was able to log in as root only.

    I tried many things, but I still could not log in, therefore I ask if you can post me some link that shows step by step (I repeat, step by step) how to create a new user in Solaris 10. I know how to use useradd, chown and mkdir in /export/home, etc.
    I would really appreciate any link that gives details on creating a new user, because I could not find one.

  • How to restrict "sftp only" user into your home dir and subdir

    Hi OTN forums members
    Question: I want to restrict an sftp-only user to browsing ONLY in his home directory and its subdirectories. I don't want the sftp user to access any other directory.
    Details: I want to use the "ssh bundle package" on s10 (only the package from the SUNWCXall installation cluster). I don't want to use an "external package" such as ProFTPD, Chroot, the sunfreeware OpenSSH package, etc. Is it possible?
    Technical details of my (test) system: the hostname and username are fantasy names, not real ;-)
    root@sunlab1:/[1]$ cat /etc/release
                           Solaris 10 5/09 s10s_u7wos_08 SPARC
               Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
                            Use is subject to license terms.
                                 Assembled 30 March 2009
    root@sunlab1:/[2]$ uname -a
    SunOS sunlab1 5.10 Generic_142909-17 sun4u sparc SUNW,Sun-Blade-100
    root@sunlab1:/[3]$ grep explorer /etc/group
    explorer::111:
    root@sunlab1:/[4]$ grep explorer /etc/passwd
    explorer:x:111:111:Sun Explorer Data Collector sftp only user:/export/home/explorer:/usr/lib/ssh/sftp-server
    root@sunlab1:/[5]$ zfs list
    NAME                       USED  AVAIL  REFER  MOUNTPOINT
    rpool                     27.3G  9.33G    96K  /rpool
    rpool/ROOT                11.6G  9.33G    18K  legacy
    rpool/ROOT/s10s_u7wos_08  11.6G  9.33G  11.6G  /
    rpool/cfengine            73.7M   950M  73.7M  /var/cfengine
    rpool/dump                1.00G  9.33G  1.00G  -
    rpool/export              5.01G  9.33G  11.8M  /export
    rpool/export/home         1.40G  3.60G  1.40G  /export/home
    rpool/mp3                 2.65G  2.35G  2.65G  /mp3
    rpool/patches              206M  2.80G   206M  /var/patches
    rpool/swap                 768M  9.58G   514M  -
    root@sunlab1:/[6]$
    root@sunlab1:/[7]$ cd /export/home
    root@sunlab1:/export/home[9]$ ls -la
    total 47
    drwxr-xr-x   5 root     root           9 Oct  7 09:51 .
    drwxr-xr-x   4 root     sys            6 Jun  7 09:44 ..
    drwxr-x---  11 explorer explorer      11 Oct  7 11:30 explorer
    root@sunlab1:/[8]$ sftp explorer@sunlab1
    Connecting to sunlab1...
    Password:
    sftp> dir
    [...more output...]
    sftp> pwd
    Remote working directory: /export/home/explorer
    sftp> cd /var/adm
    sftp> dir
    [...more output...]
    sftp> get messages
    Fetching /var/adm/messages to messages
    sftp> pwd
    Remote working directory: /var/adm
    sftp> bye
    root@sunlab1:/[9]$
    root@sunlab1:/[10]$ pkginfo -l SUNWsshr
       PKGINST:  SUNWsshr
          NAME:  SSH Client and utilities, (Root)
      CATEGORY:  system
          ARCH:  sparc
       VERSION:  11.10.0,REV=2005.01.21.15.53
       BASEDIR:  /
        VENDOR:  Sun Microsystems, Inc.
          DESC:  Secure Shell protocol Client and associated Utilities
    [...snip...]
    root@sunlab1:/[11]$ pca -l installed --pattern=[Ss]sh
    [...snip...]
    Using /var/patches/pca/patchdiag.xref from Oct/14/10
    Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
    List: installed (3/584)
    Patch  IR   CR RSB Age Synopsis
    141742 04 = 04 -S- 427 Obsoleted by: 141444-09 SunOS 5.10: sshd patch
    143140 04 = 04 RS- 119 Obsoleted by: 143559-03 SunOS 5.10: ssh patch
    143559 03 = 03 RS-  38 SunOS 5.10: ssh scp patch
    root@sunlab1:/[12]$ pca -l 141444 143559
    Using /var/patches/pca/patchdiag.xref from Oct/14/10
    Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
    List: 141444 143559 (2/405)
    Patch  IR   CR RSB Age Synopsis
    141444 09 = 09 RS- 367 SunOS 5.10: kernel patch
    143559 03 = 03 RS-  38 SunOS 5.10: ssh scp patch
    root@sunlab1:/[13]$
    Legend:
    PCA = Patch Check Advanced (http://www.par.univie.ac.at/solaris/pca/), a free and fast third-party tool to analyze, download and install patches for Solaris
    IR = Installed Rev. CR = Current Rev. (published in patchdiag.xref from Oct/14/10)
    RSB = [R]ecommended, [S]ecurity, [B]ad patches
    Reading "man sshd_config" and "man sftp-server" and searching Google was not helpful. Nothing found by MOS Community search.
    Any idea?
    Best Regards
    Michele V.
    P.S.: Excuse me for my bad English.

    Hi OTN forums members,
         I found the solution. Thanks to Andrea Manganaro (aka Amanga) for the help.
    1) Download and install OpenSSH for Solaris 10/SPARC and all dependencies (please read the note at http://www.sunfreeware.com/openssh.html):
         - ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssh-5.6p1-sol10-sparc-local.gz
         - ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssl-1.0.0a-sol10-sparc-local.gz
         - ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/zlib-1.2.5-sol10-sparc-local.gz
         - ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libgcc-3.4.6-sol10-sparc-local.gz
    2) Configure the /usr/local/etc/sshd_config file with the "ChrootDirectory" directive. For me:
    # override default of no subsystems
    #Subsystem      sftp    /usr/local/libexec/sftp-server
    Subsystem       sftp    internal-sftp
    [...]
    # Example of overriding settings on a per-user basis
    Match Group sftponly
            ChrootDirectory %h
            ForceCommand internal-sftp
            AllowTcpForwarding no
    3) Create a group and user for the sftp-only account. For me:
    root@taurus # groupadd sftponly
    root@taurus # grep sftponly /etc/group
    sftponly::202:
    root@taurus # useradd -g sftponly -c "Sftp only user" -d /export/home/explorer -s /bin/false -m explorer
    explorer:x:1002:202:Sftp only user:/export/home/explorer:/bin/false
    root@taurus # passwd explorer
    New Password:
    Re-enter new Password:
    passwd: password successfully changed for explorer
    root@taurus #
    4) Change the home directory permissions and create a r/w directory (uploads) for the sftponly user account.
    root@taurus # cd /export/home
    root@taurus # ls -la
    total 14
    drwxr-xr-x   4 root     root           4 Oct 29 15:28 .
    drwxr-xr-x   3 root     sys            3 Jan 22  2009 ..
    drwxr-xr-x   3 explorer sftponly       3 Oct 29 15:41 explorer
    root@taurus # chown root:sftponly explorer; chmod 750 explorer
    root@taurus # ls -la
    total 14
    drwxr-xr-x   4 root     root           4 Oct 29 15:28 .
    drwxr-xr-x   3 root     sys            3 Jan 22  2009 ..
    drwxr-x---   3 root     sftponly       3 Oct 29 15:41 explorer
    root@taurus #
    This will make a read-only, chrooted directory, perfect for people to come in and get stuff but never write.
    For example, you could make a directory explorer/uploads that allows people to write to it. Then you can moderate what gets copied into the read-only /explorer area. Remember that if a user can write in a directory then they can also delete anything in that directory.
    root@taurus # cd explorer
    root@taurus # mkdir uploads && chown -R explorer:sftponly uploads && chmod 0755 uploads
    root@taurus # ls -al
    total 9
    drwxr-x---   3 root     sftponly       3 Oct 29 15:41 .
    drwxr-xr-x   4 root     root           4 Oct 29 15:28 ..
    drwxr-xr-x   2 explorer sftponly       2 Oct 29 15:56 uploads
    root@taurus #
    5) Disable the SunSSH "service" and enable the OpenSSH "service" (with SMF). See http://www.sunfreeware.com/sshsol10.html for running OpenSSH via SMF on Solaris 10 systems.
    root@taurus # svcadm disable ssh
    root@taurus # svcadm enable ossh
    root@taurus # svcs -a | grep ssh
    disabled       12:37:51 svc:/network/ssh:default
    online         15:29:41 svc:/network/ossh:default
    root@taurus #
    6) Test your job :-)
    Helpful links:
    ==============
    http://www.sunfreeware.com
    http://www.openssh.org
    http://calomel.org/sftp_chroot.html
    HTH
    Michele Vecchiato
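    The ownership step in the solution above (chown root:sftponly explorer; chmod 750 explorer) is not cosmetic: OpenSSH's sshd refuses to chroot unless every component of the ChrootDirectory path is a directory owned by root and not writable by group or others, and a user whose home fails that rule simply cannot log in. The shell functions below are an added example, not code from Michele's post or from OpenSSH: chroot_component_ok applies that rule to one owner/mode pair as printed by ls -ld, and check_chroot_path walks a directory and all of its parents up to / and applies it to each. The path /export/home/explorer in the usage comment is the thread's own; the function names are this example's.

```shell
#!/bin/sh
# Added example, not from the forum thread or OpenSSH: verify that a path
# intended for ChrootDirectory satisfies sshd's rule that every component is
# a root-owned directory that is not writable by group or others.
# Usage: check_chroot_path /export/home/explorer

# chroot_component_ok OWNER MODE
#   OWNER is the owner name and MODE the mode string as printed by "ls -ld",
#   e.g. "root" "drwxr-x---". Returns 0 if sshd would accept this component.
chroot_component_ok() {
    owner=$1
    mode=$2
    case "$owner" in
        root) ;;
        *) echo "not owned by root (owner: '$owner')" >&2; return 1 ;;
    esac
    case "$mode" in
        d*) ;;
        *) echo "not a directory (mode: '$mode')" >&2; return 1 ;;
    esac
    # characters 6 and 9 of the mode string are the group and other write bits
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)
    if [ "$group_w" = w ] || [ "$other_w" = w ]; then
        echo "writable by group or others (mode: '$mode')" >&2
        return 1
    fi
    return 0
}

# check_chroot_path DIR
#   Applies chroot_component_ok to DIR and to each parent up to /.
#   Returns 0 only if every component passes; failing components are reported.
check_chroot_path() {
    dir=$1
    rc=0
    while :; do
        # fields of "ls -ld": mode links owner group size date... name
        set -- $(ls -ld "$dir" 2>/dev/null)
        if ! chroot_component_ok "$3" "$1"; then
            echo "FAIL: $dir" >&2
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run the check when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK: $1 is acceptable as a ChrootDirectory"
fi
```

    Run it as root against the home directory before restarting sshd; the writable "uploads" subdirectory is not checked because it lies below the chroot and sshd does not constrain it. A world-writable directory such as /tmp fails on the "other" write bit, which is exactly why %h must be root-owned while the user's writable area has to be a subdirectory.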

  • How do I allow new users to see Past instances of Publications.

    I need to allow new users to see past instances of Publications, i.e. instances they weren't subscribed to. The only way I seem to be able to do it is to make them Administrators. There are Publication Rights called "View objects" and "View document instances" but they don't seem to do what I need. "Full Control" doesn't work either.
    I guess the key question is, what right do administrators have that allows them to see all instances of a publication and how do I give that right to ordinary users?

    Hi Robert,
    have you tried to give your users also the "View document" and "View document instances" rights on the original documents (reports) which are contained in the publication?
    Regards,
    Stratos

  • Can we lock down user admin functionality to allow password changes only?

    Hi,
    Is it possible to lock down the user admin functionality so a specific role can only change passwords?
    We have a large user base of >10K infrequent users that are forced to change their passwords every 30 days. We suspect a lot will require password changes and we are keen to not have the tech team spending most of their time dealing with such requests. We would like to pass this task onto data management but not allow them the system administrator functionality.
    We know we can create a responsibility with a limited menu available so the operator can see only the security/user/define menu. But this will still allow the person to add responsibilities to existing user accounts and create new user accounts, both of which are deemed unacceptable security risks. Is it possible to lock down the form as well as the menu? Allowing operators to only change the password of existing users? Or can we use the custom.pll to error when a user tries to do anything except edit the password field when in this role?
    Thanks
    Matt

    You should be able to do that. You would create a new privilege level (i.e. 7), assign all commands to that level except (this is my guess) the command vpn-sessiondb, which you would put at a lower privilege level (i.e. 6). Here's a write-up that may help get you going in the right direction.
    http://www.packetpros.com/2012/08/read-only-asdm.html

  • Why will it not allow me to create an adobe new user id for my new program

    I'm not sure why it won't allow me to create a new user id account.  I just purchased the bundle package adobe photoshop elements 8 and premiere elements 8 for my HP laptop online. I keep getting an error 400 message.

    Can you confirm that at the time of creating your Adobe ID you are connected to the internet? I expect this error message appears only if you are not connected to the internet. So please check it again.
    Thanks,
    Vinod

  • HT201240 This process does not appear to work for me.  I'm running 10.8.3.  I created a new user for a guest staying with me.  They have gone now and I am attempting to either change the password or delete the user.  It won't allow me to choose the user I

    This process does not appear to work for me.  I'm running 10.8.3.  I created a new user for a guest staying with me.  They have gone now and I am attempting to either change the password or delete the user.  It won't allow me to choose the user I created.  I am logged in as myself and it states that I am an "Admin".  The user I'm attempting to change is listed as a "standard" user and there is a white checkmark inside an orange circular background on the user pic in the list of users. 
    Can someone help me?  I am having a hard time believing that OS X will allow me to create users and allow them use of my computer and its drives, yet it will not allow me to change the password so I can monitor what they might have been doing while logged on.  What if this were my child?  This guest left under sketchy circumstances, and I'd really like to be able to ensure they were not using my computer to do illegal things or to have illegal communications.
    Any help would be appreciated.  (It's odd that it was so simple to "create" a user and set a password for them, but it's a complicated or little-known process to reverse.)
    Thanks.

    Here are two screen shots to show you what I am seeing.  The first screen shot shows it allowing me to select (highlighted in blue) my admin user (which is what I am logged in as).  The second screen shot shows it allowing me to select the "Guest" user (highlighted in blue).  However, when I click on the user "Orion" nothing happens.  It will not change to highlight that user.

  • How do I add a new user to my account? But I want to give him a special product (e.g. InCopy) only for some months...

    I am admin and I want to add a new user to my account. But as written above, I want that he/she will get this product only for some months and not for a whole year.
    Thanks for the help.

    Team license links that may help
    -manage your team account http://forums.adobe.com/thread/1460939?tstart=0
    -Team Installer http://forums.adobe.com/thread/1363686?tstart=0

  • How can I create a new user with only read rights?

    How can I create a new user with only read rights?

    You are asking about a database user, I hope.
    You can look into the Oracle 8i documentation and find the various privileges listed.
    In particular, you may find:
    Chapter 27 Privileges, Roles, and Security Policies
    an interesting chapter.
    You may want to do this with the various tools included with 8i, including the
    Oracle DBA Studio: expand the Security node and you can create USERS and ROLES.
    Or use SQL*Plus. To create a
    user / password named John / Smith, you would log in to SQL*Plus as System/manager (or other) and type in:
    Create user John identified by Smith;
    Grant CONNECT to John;
    Grant SELECT ANY TABLE to John;
    commit;
    There is much more you can do
    depending on your needs.
    Please read the documentation.
    -John

  • I transferred data from my Macbook Pro to my Mac mini but it forced me to make a new user for my old data.  How do I transfer my music, pics, and docs from the "old" user to the new user (so that I only have one user instead of 2?)

    I transferred data from my Macbook Pro to my Mac mini but it forced me to make a new user for my old data.  How do I transfer my music, pics, and docs from the "old" user to the new user (so that I only have one user instead of 2?)

    Unless you transfer the files from Setup Assistant, Migration Assistant creates a new user with the data.
    To transfer the files to your first user, you have to log on as this new user and copy all your files to the /Users/Shared folder. This is a folder where you can put the files you want to share between two or more users, and all users can read and write in it.
    After copying the files, go to your first user, open the /Users/Shared folder, and copy the files to your user folders. If you migrated applications, you must know that they are stored in a common folder (/Applications), so you don't have to transfer them. To open the /Users/Shared folder, open the Go menu (in the menu bar) > Go to Folder, and type the folder

  • On and iPad how to Allow User To Enter Custom Text  (Dropdown only) Enables users to enter a value other than the ones in the list.

    On an iPad, how do I :
    Allow User To Enter Custom Text
    (Dropdown only) Enables users to enter a value other than the ones in the list.'?

    Are you using the built-in Currency option under the Format tab? If so,
    what you're describing should not happen.

  • Please, help!!!!! How can i delete Angry birds not only from my device (iPhone 4), but from my iTunes account,too? I am a new user.

    I am a new user of iPhone 4. I have problems with "Angry Birds". I heard that I can fix the problem by deleting the application. So, the question is: how can I delete the game not only from my device, but from my iTunes account too? Please, help!!!

    You can just tap and hold any icon to put into Edit mode.  There you can delete.
    Or you can just tell iTunes not to sync it.
    To remove from iTunes just click on it in list and press delete.

  • Hello, this might be a basic question, but how do you open QuickTime to record a new webinar? I have a new MacBook Pro with Yosemite and can only get QuickTime to appear in Finder but not actually open to allow me to record something new. Thx.

    Hello, this might be a basic question, but how do you open QuickTime to record a new webinar? I have a new MacBook Pro with Yosemite and can only get QuickTime to appear in Finder but not actually open to allow me to record something new. Thx.

    Hi Winterwilly,
    Welcome to Apple Support Communities. 
    The article linked below answers your question of how to use QuickTime to record something on your MacBook Pro’s screen.
    QuickTime Player 10.x: Record your computer’s screen
    Cheers,
    -Jason
