Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

file transfer via ssh - limit folder access

  • 11-06-2013 8:34pm
    #1
    Registered Users, Registered Users 2 Posts: 222 ✭✭


    hi folks

    hope you can save me some time trying to figure this out. I'm sure its a basic enough question for some, not for me obv

    I've a htpc setup in my living room running ubuntu 12, I also have a pc setup in my young fellas room also running ununtu. I know how to install ssh to get file tansfers working but my problem is that this gives him this seems to give him access to the entire home folder or even the entire root folder. I want to give him access to only 2 folders, a music folder and a folder where I have some kids movies stored. I setup another user on my htpc for him thinking that if i connect under those credentials rather than mine it would limit him but it does not, he still has access to everything. the share tab in each folder appears to be rendered obsolete by the way I am connecting, i presume I'm missing something?


    this is basically how its all setup
    http://my.opera.com/ubuntunerd1/blog/share-files-between-two-ubuntu-computers-via-ssh



    as a bonus question (maybe best in a different thread) what is the best way to limit his internet access now that I have him connected via ethernet to the rest of the network? I have some firfox extension installed but this isnt ideal and easily bypassed once a little older and wiser. Ideally I'd like to have open access for stuff like google earth or any other ssoftware i have installed plus websites on a white list, anything other than that should need an administrator password......anything out there like this?

    thanks for any help


Comments

  • Registered Users, Registered Users 2 Posts: 339 ✭✭duffman85


    you don't need to give him ssh access to mount shared folders.

    You're already using samba - have a look at this guide to see how to restrict access: http://www.sitepoint.com/ubuntu-12-04-lts-precise-pangolin-file-sharing-with-samba/

    disable ssh access for him by editing /etc/ssh/sshd_config on your htpc. you'll need to edit this file using sudo, .i.e. sudo <text editor> ....
    sudo nano /etc/ssh/sshd_config
    
    Add the following to the end of the file:
    Add DenyUsers followed by the usernames you want to deny ssh access
    Add AllowUsers followed by the usernames you want to allow ssh access
    DenyUsers user1,user2
    AllowUsers me,user3
    
    save the file and restart the ssh daemon
    sudo restart ssh
    
    Now try to connect by ssh to the htpc with one of the denied accounts.
    It should prevent you from logging in.

    Here's a guide to configuring ssh in ubuntu https://help.ubuntu.com/community/SSH/OpenSSH/Configuring


  • Registered Users, Registered Users 2 Posts: 222 ✭✭jackrussell007


    that looks like a good guide on samba. thanks for that. I'll try it when I get home.

    thanks for your help

    anyone want to take on the bonus point? what are you using as a net nanny on ubuntu? I want to encourage him to explore the computer and learn how to install programs himself from the software center (probably figure out how to unistall the net nanny then) but want to restrict web access by only allowing whitelist sites.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    NFS is better for linux -> linux IMO. Very easy to set up. I am a samba hater.

    On net nanny - they're all terrible IMO. The best bet is to use OpenDNS with a restricted profile. They provide the option for filtering based on category and it's pretty good (and free), once you don't want to browse a bit of filth from the same machine. :D


  • Registered Users, Registered Users 2 Posts: 14,048 ✭✭✭✭Johnboy1951


    Khannie wrote: »
    NFS is better for linux -> linux IMO. Very easy to set up. I am a samba hater.

    On net nanny - they're all terrible IMO. The best bet is to use OpenDNS with a restricted profile. They provide the option for filtering based on category and it's pretty good (and free), once you don't want to browse a bit of filth from the same machine. :D

    +1 on the NFS ;)

    Dansguardian is what I suggest .... if he does not have root access to the OS ....... but of course with Ubuntu it is likely he has through sudo? I know little of the 'bunty' way of doing root permissions, so maybe it is easily blocked ....

    If this is going to be an on-going requirement for some years, then you should consider a router with full firewall and filtering capabilities.


Advertisement