User access types (eg SSH)

#1 Fri, 09/16/2011 - 16:36


I have some questions about access for users under Virtualmin.

By default in Virtualmin I only have "email only" or "email and ftp" available when creating a new user; there is no default option for any form of SSH access. What about "FTP only" or "SSH only" with no email?

I see there is a custom shell configuration but I haven't established where the "Virtualmin built-in defaults" are derived from. If I change these shells, are they global? What if I only want a particular virtual server to have the ability to have users with SSH access but not another? What should I be careful of in changing these? Are changes here applied to existing users?

How about permissions? Is there a way to allow other users to edit all or part of the web content and maintain the correct permissions on files to be run by suexec?

Finally, restricting access to home directories. Typically I use the SFTP jail setup below. Would this type of setup have any issues when run with Virtualmin? I know the group membership would have to be done manually, but my guess is the permissions settings might be a problem because the home directories are below the home directory of the main account.

Anyway, interested in some discussion on this.


SFTP Jail setup
1. Edit your /etc/ssh/sshd_config file and change the "Subsystem sftp" line.

Subsystem sftp internal-sftp

Continue to add the following block to the end of the file.

Match group sftponly
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

2. Restart OpenSSH
#/etc/init.d/ssh restart

3. Create a group for the users who will only have SFTP access:

#addgroup sftponly

4. Add sftp only users to the "sftponly" group and set permissions.

#usermod -G sftponly username
#chown root:root /home/username
#chmod 755 /home/username
#cd /home/username
#mkdir public_html
#chown username:username *
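
The permissions concern raised above can be checked directly: sshd only accepts a ChrootDirectory when every component of the path is owned by root and not writable by group or others. The script below is an added example, not part of the original post; the function names and the sample path /home/example/homes/bob are constructed, and GNU stat on Linux is assumed.

```shell
#!/bin/sh
# Added example: audit a directory against sshd's ChrootDirectory rule
# (every path component owned by root, no group/other write bit).

# Print every ancestor of an absolute path, from / down to the path itself.
path_components() {
    p=$1
    case $p in /*) ;; *) return 2 ;; esac
    out=$p
    while [ "$p" != "/" ]; do
        p=$(dirname "$p")
        out="$p
$out"
    done
    printf '%s\n' "$out"
}

# Pure check on one component: owner uid and octal mode as printed by stat.
# Returns 0 if sshd would accept it as part of a chroot path.
component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1          # must be owned by root
    [ $(( 0$mode & 022 )) -eq 0 ]         # 020 = group write, 002 = other write
}

# Walk a real directory. Assumes GNU stat (-c), i.e. a Linux host.
audit_chroot() {
    rc=0
    while IFS= read -r d; do
        [ -n "$d" ] || { echo "need an absolute path" >&2; return 2; }
        meta=$(stat -c '%u %a' "$d") || { rc=1; continue; }
        if component_ok "${meta% *}" "${meta#* }"; then
            echo "ok    $d (uid/mode: $meta)"
        else
            echo "FAIL  $d (uid/mode: $meta)"
            rc=1
        fi
    done <<EOF
$(path_components "$1")
EOF
    return $rc
}

# Constructed usage: ./audit.sh /home/example/homes/bob
if [ $# -gt 0 ]; then audit_chroot "$1"; fi
```

A FAIL on any parent directory, such as one owned by the main account rather than root, means sshd will refuse the chroot for users whose home sits below it.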