Creating a user who cannot get an interactive shell
Clash Royale CLAN TAG#URR8PPP
up vote
17
down vote
favorite
What are interactive and non-interactive shell?
Questions: Create a user john who should not get an interactive shell.
How can we do this?
shell users
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
asked Dec 9 '10 at 4:37
user2914
6214915
add a comment |
up vote
17
down vote
favorite
What are interactive and non-interactive shell?
Questions: Create a user john who should not get an interactive shell.
How can we do this?
shell users
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
asked Dec 9 '10 at 4:37
user2914
6214915
add a comment |
up vote
17
down vote
favorite
up vote
17
down vote
favorite
What are interactive and non-interactive shell?
Questions: Create a user john who should not get an interactive shell.
How can we do this?
shell users
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
asked Dec 9 '10 at 4:37
user2914
6214915
What are interactive and non-interactive shell?
Questions: Create a user john who should not get an interactive shell.
How can we do this?
shell users
shell users
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
asked Dec 9 '10 at 4:37
user2914
6214915
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
asked Dec 9 '10 at 4:37
user2914
6214915
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
edited Jul 18 '12 at 23:53
Gilles
519k12410371566
519k12410371566
asked Dec 9 '10 at 4:37
user2914
6214915
asked Dec 9 '10 at 4:37
user2914
6214915
asked Dec 9 '10 at 4:37
user2914
6214915
6214915
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
up vote
9
down vote
The /etc/passwd file has as the last item on a user's line the program to be run upon login. For normal users this is typically set to /bin/sh or other shell (e.g. bash, zsh).
Traditionally, identities that are used to own processes or files or other resources have their "shell" set to /bin/false as in
syslog:x:101:102::/home/syslog:/bin/false
The pseudo-user syslog owns /var/log/syslog and is the only UID which has write permission for that file, but one cannot log in as user syslog as there is no command interpreter to be run.
answered Dec 9 '10 at 5:09
msw
8,8252236
add a comment |
up vote
9
down vote
Regarding the question you are trying to answer:
Create a user john who should not get an interactive shell.
The question means "Create a user named john who won't be able to log in and run commands from a shell". Interactive describe the way the shell works: the user types something, and the shell does something accordingly (there is a kind of communication between the user and the shell). The word "interactive" doesn't really add any information to the question, because as long as there is a user typing commands, the shell session is interactive.
There is also the non-interactive mode, where the user saves a series of commands they want to run in a file (called a shell script), and executes the file afterwards. Some commands behave differently depending on whether the shell is run interactively or non-interactively. You can read more here (this document is for bash, but the same concept applies for other shells).
On how to create such a user, if you skim through man useradd there is an option to set the login shell, -s or --shell. You can also create a user normally, in anyway you want (which I assume you know already?), then edit /etc/passwd like in msw's answer.
edited Apr 13 '17 at 12:37
Community♦
1
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
add a comment |
up vote
3
down vote
Yes, change the shell in the password file (/etc/passwd) to some program that will not not allow a shell escape.
if you want to be a bofh /bin/false will do exactly what you want.
answered Dec 9 '10 at 5:08
David Harris
52736
add a comment |
up vote
-1
down vote
adduser username -s /sbin/nologin
edited 3 hours ago
Jeff Schaller
35.6k952118
answered 6 hours ago
H2 Mac
1
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Notice the username is specified in the question as "john". Wouldn't hurt to use a little prose to explain what your command is doing and why it fulfills the requirements.
– Jeff Schaller
3 hours ago
add a comment |
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
9
down vote
The /etc/passwd file has as the last item on a user's line the program to be run upon login. For normal users this is typically set to /bin/sh or other shell (e.g. bash, zsh).
Traditionally, identities that are used to own processes or files or other resources have their "shell" set to /bin/false as in
syslog:x:101:102::/home/syslog:/bin/false
The pseudo-user syslog owns /var/log/syslog and is the only UID which has write permission for that file, but one cannot log in as user syslog as there is no command interpreter to be run.
answered Dec 9 '10 at 5:09
msw
8,8252236
add a comment |
up vote
9
down vote
The /etc/passwd file has as the last item on a user's line the program to be run upon login. For normal users this is typically set to /bin/sh or other shell (e.g. bash, zsh).
Traditionally, identities that are used to own processes or files or other resources have their "shell" set to /bin/false as in
syslog:x:101:102::/home/syslog:/bin/false
The pseudo-user syslog owns /var/log/syslog and is the only UID which has write permission for that file, but one cannot log in as user syslog as there is no command interpreter to be run.
answered Dec 9 '10 at 5:09
msw
8,8252236
add a comment |
up vote
9
down vote
up vote
9
down vote
The /etc/passwd file has as the last item on a user's line the program to be run upon login. For normal users this is typically set to /bin/sh or other shell (e.g. bash, zsh).
Traditionally, identities that are used to own processes or files or other resources have their "shell" set to /bin/false as in
syslog:x:101:102::/home/syslog:/bin/false
The pseudo-user syslog owns /var/log/syslog and is the only UID which has write permission for that file, but one cannot log in as user syslog as there is no command interpreter to be run.
answered Dec 9 '10 at 5:09
msw
8,8252236
The /etc/passwd file has as the last item on a user's line the program to be run upon login. For normal users this is typically set to /bin/sh or other shell (e.g. bash, zsh).
Traditionally, identities that are used to own processes or files or other resources have their "shell" set to /bin/false as in
syslog:x:101:102::/home/syslog:/bin/false
The pseudo-user syslog owns /var/log/syslog and is the only UID which has write permission for that file, but one cannot log in as user syslog as there is no command interpreter to be run.
answered Dec 9 '10 at 5:09
msw
8,8252236
answered Dec 9 '10 at 5:09
msw
8,8252236
answered Dec 9 '10 at 5:09
msw
8,8252236
answered Dec 9 '10 at 5:09
msw
8,8252236
8,8252236
add a comment |
add a comment |
up vote
9
down vote
Regarding the question you are trying to answer:
Create a user john who should not get an interactive shell.
The question means "Create a user named john who won't be able to log in and run commands from a shell". Interactive describe the way the shell works: the user types something, and the shell does something accordingly (there is a kind of communication between the user and the shell). The word "interactive" doesn't really add any information to the question, because as long as there is a user typing commands, the shell session is interactive.
There is also the non-interactive mode, where the user saves a series of commands they want to run in a file (called a shell script), and executes the file afterwards. Some commands behave differently depending on whether the shell is run interactively or non-interactively. You can read more here (this document is for bash, but the same concept applies for other shells).
On how to create such a user, if you skim through man useradd there is an option to set the login shell, -s or --shell. You can also create a user normally, in anyway you want (which I assume you know already?), then edit /etc/passwd like in msw's answer.
edited Apr 13 '17 at 12:37
Community♦
1
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
add a comment |
up vote
9
down vote
Regarding the question you are trying to answer:
Create a user john who should not get an interactive shell.
The question means "Create a user named john who won't be able to log in and run commands from a shell". Interactive describe the way the shell works: the user types something, and the shell does something accordingly (there is a kind of communication between the user and the shell). The word "interactive" doesn't really add any information to the question, because as long as there is a user typing commands, the shell session is interactive.
There is also the non-interactive mode, where the user saves a series of commands they want to run in a file (called a shell script), and executes the file afterwards. Some commands behave differently depending on whether the shell is run interactively or non-interactively. You can read more here (this document is for bash, but the same concept applies for other shells).
On how to create such a user, if you skim through man useradd there is an option to set the login shell, -s or --shell. You can also create a user normally, in anyway you want (which I assume you know already?), then edit /etc/passwd like in msw's answer.
edited Apr 13 '17 at 12:37
Community♦
1
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
add a comment |
up vote
9
down vote
up vote
9
down vote
Regarding the question you are trying to answer:
Create a user john who should not get an interactive shell.
The question means "Create a user named john who won't be able to log in and run commands from a shell". Interactive describe the way the shell works: the user types something, and the shell does something accordingly (there is a kind of communication between the user and the shell). The word "interactive" doesn't really add any information to the question, because as long as there is a user typing commands, the shell session is interactive.
There is also the non-interactive mode, where the user saves a series of commands they want to run in a file (called a shell script), and executes the file afterwards. Some commands behave differently depending on whether the shell is run interactively or non-interactively. You can read more here (this document is for bash, but the same concept applies for other shells).
On how to create such a user, if you skim through man useradd there is an option to set the login shell, -s or --shell. You can also create a user normally, in anyway you want (which I assume you know already?), then edit /etc/passwd like in msw's answer.
edited Apr 13 '17 at 12:37
Community♦
1
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
Regarding the question you are trying to answer:
Create a user john who should not get an interactive shell.
The question means "Create a user named john who won't be able to log in and run commands from a shell". Interactive describe the way the shell works: the user types something, and the shell does something accordingly (there is a kind of communication between the user and the shell). The word "interactive" doesn't really add any information to the question, because as long as there is a user typing commands, the shell session is interactive.
There is also the non-interactive mode, where the user saves a series of commands they want to run in a file (called a shell script), and executes the file afterwards. Some commands behave differently depending on whether the shell is run interactively or non-interactively. You can read more here (this document is for bash, but the same concept applies for other shells).
On how to create such a user, if you skim through man useradd there is an option to set the login shell, -s or --shell. You can also create a user normally, in anyway you want (which I assume you know already?), then edit /etc/passwd like in msw's answer.
edited Apr 13 '17 at 12:37
Community♦
1
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
edited Apr 13 '17 at 12:37
Community♦
1
edited Apr 13 '17 at 12:37
Community♦
1
edited Apr 13 '17 at 12:37
Community♦
1
1
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
answered Dec 9 '10 at 5:56
phunehehe
12.1k1781138
12.1k1781138
add a comment |
add a comment |
up vote
3
down vote
Yes, change the shell in the password file (/etc/passwd) to some program that will not not allow a shell escape.
if you want to be a bofh /bin/false will do exactly what you want.
answered Dec 9 '10 at 5:08
David Harris
52736
add a comment |
up vote
3
down vote
Yes, change the shell in the password file (/etc/passwd) to some program that will not not allow a shell escape.
if you want to be a bofh /bin/false will do exactly what you want.
answered Dec 9 '10 at 5:08
David Harris
52736
add a comment |
up vote
3
down vote
up vote
3
down vote
Yes, change the shell in the password file (/etc/passwd) to some program that will not not allow a shell escape.
if you want to be a bofh /bin/false will do exactly what you want.
answered Dec 9 '10 at 5:08
David Harris
52736
Yes, change the shell in the password file (/etc/passwd) to some program that will not not allow a shell escape.
if you want to be a bofh /bin/false will do exactly what you want.
answered Dec 9 '10 at 5:08
David Harris
52736
answered Dec 9 '10 at 5:08
David Harris
52736
answered Dec 9 '10 at 5:08
David Harris
52736
answered Dec 9 '10 at 5:08
David Harris
52736
52736
add a comment |
add a comment |
up vote
-1
down vote
adduser username -s /sbin/nologin
edited 3 hours ago
Jeff Schaller
35.6k952118
answered 6 hours ago
H2 Mac
1
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Notice the username is specified in the question as "john". Wouldn't hurt to use a little prose to explain what your command is doing and why it fulfills the requirements.
– Jeff Schaller
3 hours ago
add a comment |
up vote
-1
down vote
adduser username -s /sbin/nologin
edited 3 hours ago
Jeff Schaller
35.6k952118
answered 6 hours ago
H2 Mac
1
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Notice the username is specified in the question as "john". Wouldn't hurt to use a little prose to explain what your command is doing and why it fulfills the requirements.
– Jeff Schaller
3 hours ago
add a comment |
up vote
-1
down vote
up vote
-1
down vote
adduser username -s /sbin/nologin
edited 3 hours ago
Jeff Schaller
35.6k952118
answered 6 hours ago
H2 Mac
1
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
adduser username -s /sbin/nologin
edited 3 hours ago
Jeff Schaller
35.6k952118
answered 6 hours ago
H2 Mac
1
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 3 hours ago
Jeff Schaller
35.6k952118
edited 3 hours ago
Jeff Schaller
35.6k952118
edited 3 hours ago
Jeff Schaller
35.6k952118
35.6k952118
answered 6 hours ago
H2 Mac
1
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 6 hours ago
H2 Mac
1
answered 6 hours ago
H2 Mac
1
1
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
H2 Mac is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Notice the username is specified in the question as "john". Wouldn't hurt to use a little prose to explain what your command is doing and why it fulfills the requirements.
– Jeff Schaller
3 hours ago
add a comment |
Notice the username is specified in the question as "john". Wouldn't hurt to use a little prose to explain what your command is doing and why it fulfills the requirements.
– Jeff Schaller
3 hours ago
Notice the username is specified in the question as "john". Wouldn't hurt to use a little prose to explain what your command is doing and why it fulfills the requirements.
– Jeff Schaller
3 hours ago
Notice the username is specified in the question as "john". Wouldn't hurt to use a little prose to explain what your command is doing and why it fulfills the requirements.
– Jeff Schaller
3 hours ago
add a comment |
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f4676%2fcreating-a-user-who-cannot-get-an-interactive-shell%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password