650 lines
20 KiB
HTML
650 lines
20 KiB
HTML
<!doctype html>
|
||
<!--
|
||
Minimal Mistakes Jekyll Theme 4.24.0 by Michael Rose
|
||
Copyright 2013-2020 Michael Rose - mademistakes.com | @mmistakes
|
||
Free for personal and commercial use under the MIT license
|
||
https://github.com/mmistakes/minimal-mistakes/blob/master/LICENSE
|
||
-->
|
||
<html lang="en" class="no-js">
|
||
<head>
|
||
<meta charset="utf-8">
|
||
|
||
<!-- begin _includes/seo.html --><title>Creating a Useless User - Şahin Akkaya’s Personal Page</title>
|
||
<meta name="description" content="Story In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.">
|
||
|
||
|
||
<meta name="author" content="Şahin Akkaya">
|
||
|
||
<meta property="article:author" content="Şahin Akkaya">
|
||
|
||
|
||
|
||
<meta property="og:type" content="article">
|
||
<meta property="og:locale" content="en_US">
|
||
<meta property="og:site_name" content="Şahin Akkaya's Personal Page">
|
||
<meta property="og:title" content="Creating a Useless User">
|
||
<meta property="og:url" content="https://sahinakkaya.dev/2022/02/27/creating-a-useless-user.html">
|
||
|
||
|
||
<meta property="og:description" content="Story In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<meta property="article:published_time" content="2022-02-27T13:40:00+00:00">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<link rel="canonical" href="https://sahinakkaya.dev/2022/02/27/creating-a-useless-user.html">
|
||
|
||
|
||
|
||
|
||
<script type="application/ld+json">
|
||
{
|
||
"@context": "https://schema.org",
|
||
|
||
"@type": "Person",
|
||
"name": null,
|
||
"url": "https://sahinakkaya.dev/"
|
||
|
||
}
|
||
</script>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<!-- end _includes/seo.html -->
|
||
|
||
|
||
|
||
<link href="/feed.xml" type="application/atom+xml" rel="alternate" title="Şahin Akkaya's Personal Page Feed">
|
||
|
||
|
||
<!-- https://t.co/dKP3o1e -->
|
||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
|
||
<script>
|
||
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/g, '') + ' js ';
|
||
</script>
|
||
|
||
<!-- For all browsers -->
|
||
<link rel="stylesheet" href="/assets/css/main.css">
|
||
<link rel="preload" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
|
||
<noscript><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css"></noscript>
|
||
|
||
|
||
|
||
<!-- start custom head snippets -->
|
||
|
||
<!-- insert favicons. use https://realfavicongenerator.net/ -->
|
||
|
||
<!-- end custom head snippets -->
|
||
|
||
</head>
|
||
|
||
<body class="layout--single">
|
||
<nav class="skip-links">
|
||
<ul>
|
||
<li><a href="#site-nav" class="screen-reader-shortcut">Skip to primary navigation</a></li>
|
||
<li><a href="#main" class="screen-reader-shortcut">Skip to content</a></li>
|
||
<li><a href="#footer" class="screen-reader-shortcut">Skip to footer</a></li>
|
||
</ul>
|
||
</nav>
|
||
|
||
<!--[if lt IE 9]>
|
||
<div class="notice--danger align-center" style="margin: 0;">You are using an <strong>outdated</strong> browser. Please <a href="https://browsehappy.com/">upgrade your browser</a> to improve your experience.</div>
|
||
<![endif]-->
|
||
|
||
|
||
|
||
<div class="masthead">
|
||
<div class="masthead__inner-wrap">
|
||
<div class="masthead__menu">
|
||
<nav id="site-nav" class="greedy-nav">
|
||
|
||
<a class="site-title" href="/">
|
||
/home/sahin/
|
||
|
||
</a>
|
||
<ul class="visible-links"><li class="masthead__menu-item">
|
||
<a href="/">Home</a>
|
||
</li><li class="masthead__menu-item">
|
||
<a href="/about/">About</a>
|
||
</li><li class="masthead__menu-item">
|
||
<a href="/contact/">Contact</a>
|
||
</li></ul>
|
||
|
||
<button class="search__toggle" type="button">
|
||
<span class="visually-hidden">Toggle search</span>
|
||
<i class="fas fa-search"></i>
|
||
</button>
|
||
|
||
<button class="greedy-nav__toggle hidden" type="button">
|
||
<span class="visually-hidden">Toggle menu</span>
|
||
<div class="navicon"></div>
|
||
</button>
|
||
<ul class="hidden-links hidden"></ul>
|
||
</nav>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
|
||
<div class="initial-content">
|
||
|
||
|
||
|
||
|
||
<div id="main" role="main">
|
||
|
||
<div class="sidebar sticky">
|
||
|
||
|
||
|
||
<div itemscope itemtype="https://schema.org/Person">
|
||
|
||
|
||
<div class="author__avatar">
|
||
|
||
<img src="/assets/images/logo.jpg" alt="Şahin Akkaya" itemprop="image">
|
||
|
||
</div>
|
||
|
||
|
||
<div class="author__content">
|
||
|
||
<h3 class="author__name" itemprop="name">Şahin Akkaya</h3>
|
||
|
||
|
||
<div class="author__bio" itemprop="description">
|
||
<p>A perfectionist who likes to tinker everything until it is just right.</p>
|
||
|
||
</div>
|
||
|
||
</div>
|
||
|
||
<div class="author__urls-wrapper">
|
||
<button class="btn btn--inverse">Follow</button>
|
||
<ul class="author__urls social-icons">
|
||
|
||
<li itemprop="homeLocation" itemscope itemtype="https://schema.org/Place">
|
||
<i class="fas fa-fw fa-map-marker-alt" aria-hidden="true"></i> <span itemprop="name">Istanbul, Turkey</span>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
<li><a href="https://github.com/sahinakkayadev" rel="nofollow noopener noreferrer"><i class="fab fa-fw fa-github" aria-hidden="true"></i><span class="label">sahinakkayadev</span></a></li>
|
||
|
||
|
||
|
||
<li><a href="https://stackoverflow.com/users/9608759" rel="nofollow noopener noreferrer"><i class="fab fa-fw fa-stack-overflow" aria-hidden="true"></i><span class="label">Asocia</span></a></li>
|
||
|
||
|
||
|
||
<li><a href="https://twitter.com/sahinakkayadev" rel="nofollow noopener noreferrer"><i class="fab fa-fw fa-twitter-square" aria-hidden="true"></i><span class="label">@sahinakkayadev</span></a></li>
|
||
|
||
|
||
|
||
<li><a href="mailto:sahin@sahinakkaya.dev" rel="nofollow noopener noreferrer"><i class="fas fa-fw fa-envelope" aria-hidden="true"></i><span class="label">sahin@sahinakkaya.dev</span></a></li>
|
||
|
||
|
||
|
||
<li><a href="/assets/docs/resume.pdf" rel="nofollow noopener noreferrer"><i class="fas fa-fw fa-id-card" aria-hidden="true"></i><span class="label">Resume</span></a></li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<!--
|
||
<li>
|
||
<a href="http://link-to-whatever-social-network.com/user/" itemprop="sameAs" rel="nofollow noopener noreferrer">
|
||
<i class="fas fa-fw" aria-hidden="true"></i> Custom Social Profile Link
|
||
</a>
|
||
</li>
|
||
-->
|
||
</ul>
|
||
</div>
|
||
</div>
|
||
|
||
|
||
</div>
|
||
|
||
|
||
|
||
<article class="page" itemscope itemtype="https://schema.org/CreativeWork">
|
||
<meta itemprop="headline" content="Creating a Useless User">
|
||
<meta itemprop="description" content="StoryIn my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.">
|
||
<meta itemprop="datePublished" content="2022-02-27T13:40:00+00:00">
|
||
|
||
|
||
<div class="page__inner-wrap">
|
||
|
||
<header>
|
||
<h1 id="page-title" class="page__title" itemprop="headline">Creating a <em>Useless</em> User
|
||
</h1>
|
||
|
||
|
||
<p class="page__meta">
|
||
|
||
|
||
<span class="page__meta-date">
|
||
<i class="far fa-calendar-alt" aria-hidden="true"></i>
|
||
|
||
<time datetime="2022-02-27T13:40:00+00:00">February 27, 2022</time>
|
||
</span>
|
||
|
||
|
||
<span class="page__meta-sep"></span>
|
||
|
||
|
||
|
||
|
||
|
||
<span class="page__meta-readtime">
|
||
<i class="far fa-clock" aria-hidden="true"></i>
|
||
|
||
1 minute read
|
||
|
||
</span>
|
||
|
||
</p>
|
||
|
||
|
||
</header>
|
||
|
||
|
||
<section class="page__content" itemprop="text">
|
||
|
||
<h2 id="story">Story</h2>
|
||
<p>In my <a href="/2022/02/26/ssh-into-machine-that-is-behind-private-network.html">previous post</a>, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.</p>
|
||
|
||
<h2 id="the-solution">The solution</h2>
|
||
<p>I searched the problem in it turned out to be very simple. You just need to add two additional flags to <code class="language-plaintext highlighter-rouge">adduser</code> command while creating the user.</p>
|
||
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>adduser uselessuser <span class="nt">--shell</span><span class="o">=</span>/bin/false <span class="nt">--no-create-home</span>
|
||
</code></pre></div></div>
|
||
<p>Now, <code class="language-plaintext highlighter-rouge">uselessuser</code> can’t do anything useful in your server. If they try to login, the connection will be closed immediately.</p>
|
||
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>❯ ssh uselessuser@remote.host
|
||
uselessuser@remote.host<span class="se">\'</span>s password:
|
||
Could not chdir to home directory /home/uselessuser: No such file or directory
|
||
Connection to remote.host closed.
|
||
</code></pre></div></div>
|
||
<p>But they can still do forward the remote port to their local machine.</p>
|
||
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>❯ ssh <span class="nt">-Nf</span> <span class="nt">-R</span> 7777:localhost:22 uselessuser@remote.host
|
||
uselessuser@remote.host<span class="se">\'</span>s password:
|
||
</code></pre></div></div>
|
||
<p>The <code class="language-plaintext highlighter-rouge">-N</code> option is the most important one here. From the documentation:</p>
|
||
<blockquote>
|
||
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> -N Do not execute a remote command. This is useful
|
||
for just forwarding ports. Refer to the description
|
||
of SessionType in ssh_config(5) for details.
|
||
</code></pre></div> </div>
|
||
</blockquote>
|
||
|
||
<h2 id="last-words">Last words</h2>
|
||
<p>I love learning new things everyday. I knew setting the shell of a user to <code class="language-plaintext highlighter-rouge">/bin/false</code> will prevent them from logging in. The reason I wrote this blog post is because 2 things I wanted to share:</p>
|
||
<ul>
|
||
<li>While looking for a solution to the problem I mentioned, I searched <em>“create a user with no privileges in linux”</em> and <a href="https://askubuntu.com/questions/1174376/how-to-create-a-user-with-the-least-privileges-permissions-but-enough-to-do-ssh">this</a> came out. It is really interesting for me that another person wanted to do the same thing for the <em>exact same reasons</em>. They were also trying port forwarding via ssh and they wanted to create a limited user in their server to give friends. So the question was a <strong>perfect fit</strong> to the problem.</li>
|
||
<li>The <code class="language-plaintext highlighter-rouge">-N</code> flag of the ssh command was also surprising for me. It was like as if someone had encountered these problems before and just took the exact steps required to solve this problem for me. I mean look at the documentation. Crazy!</li>
|
||
</ul>
|
||
|
||
|
||
|
||
</section>
|
||
|
||
<footer class="page__meta">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<p class="page__date"><strong><i class="fas fa-fw fa-calendar-alt" aria-hidden="true"></i> Updated:</strong> <time datetime="2022-02-27T13:40:00+00:00">February 27, 2022</time></p>
|
||
|
||
|
||
</footer>
|
||
|
||
<section class="page__share">
|
||
|
||
|
||
<a href="https://twitter.com/intent/tweet?text=Creating+a+%2AUseless%2A+User%20https%3A%2F%2Fsahinakkaya.dev%2F2022%2F02%2F27%2Fcreating-a-useless-user.html" class="btn btn--twitter" onclick="window.open(this.href, 'window', 'left=20,top=20,width=500,height=500,toolbar=1,resizable=0'); return false;" title="Share on Twitter"><i class="fab fa-fw fa-twitter" aria-hidden="true"></i><span> Twitter</span></a>
|
||
|
||
<a href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsahinakkaya.dev%2F2022%2F02%2F27%2Fcreating-a-useless-user.html" class="btn btn--facebook" onclick="window.open(this.href, 'window', 'left=20,top=20,width=500,height=500,toolbar=1,resizable=0'); return false;" title="Share on Facebook"><i class="fab fa-fw fa-facebook" aria-hidden="true"></i><span> Facebook</span></a>
|
||
|
||
<a href="https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsahinakkaya.dev%2F2022%2F02%2F27%2Fcreating-a-useless-user.html" class="btn btn--linkedin" onclick="window.open(this.href, 'window', 'left=20,top=20,width=500,height=500,toolbar=1,resizable=0'); return false;" title="Share on LinkedIn"><i class="fab fa-fw fa-linkedin" aria-hidden="true"></i><span> LinkedIn</span></a>
|
||
</section>
|
||
|
||
|
||
|
||
<nav class="pagination">
|
||
|
||
<a href="/2022/02/26/ssh-into-machine-that-is-behind-private-network.html" class="pagination--pager" title="SSH into Machine That Is Behind a Private Network
|
||
">Previous</a>
|
||
|
||
|
||
<a href="/2022/03/03/never-get-trapped-in-grub-rescue-again.html" class="pagination--pager" title="Never Get Trapped in Grub Rescue Again!
|
||
">Next</a>
|
||
|
||
</nav>
|
||
|
||
</div>
|
||
|
||
|
||
</article>
|
||
|
||
|
||
|
||
<div class="page__related">
|
||
<h4 class="page__related-title">You May Also Enjoy</h4>
|
||
<div class="grid__wrapper">
|
||
|
||
|
||
|
||
|
||
|
||
<div class="grid__item">
|
||
<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
|
||
|
||
<h2 class="archive__item-title no_toc" itemprop="headline">
|
||
|
||
<a href="/2022/12/29/recap-of-2022.html" rel="permalink">Recap of 2022
|
||
</a>
|
||
|
||
</h2>
|
||
|
||
|
||
<p class="page__meta">
|
||
|
||
|
||
<span class="page__meta-date">
|
||
<i class="far fa-fw fa-calendar-alt" aria-hidden="true"></i>
|
||
|
||
<time datetime="2022-12-29T20:22:08+00:00">December 29, 2022</time>
|
||
</span>
|
||
|
||
|
||
<span class="page__meta-sep"></span>
|
||
|
||
|
||
|
||
|
||
|
||
<span class="page__meta-readtime">
|
||
<i class="far fa-fw fa-clock" aria-hidden="true"></i>
|
||
|
||
1 minute read
|
||
|
||
</span>
|
||
|
||
</p>
|
||
|
||
|
||
<p class="archive__item-excerpt" itemprop="description">It’s been a while… It has been so long that I forgot how I was writing my blogs back then. My life didn’t change that much. Actually, it is getting worse.
|
||
</p>
|
||
</article>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<div class="grid__item">
|
||
<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
|
||
|
||
<h2 class="archive__item-title no_toc" itemprop="headline">
|
||
|
||
<a href="/2022/06/22/rant-on-peoples-reaction-to-copilot.html" rel="permalink">Rant: Stop whatever you are doing and learn how licenses work
|
||
</a>
|
||
|
||
</h2>
|
||
|
||
|
||
<p class="page__meta">
|
||
|
||
|
||
<span class="page__meta-date">
|
||
<i class="far fa-fw fa-calendar-alt" aria-hidden="true"></i>
|
||
|
||
<time datetime="2022-06-22T07:46:00+00:00">June 22, 2022</time>
|
||
</span>
|
||
|
||
|
||
<span class="page__meta-sep"></span>
|
||
|
||
|
||
|
||
|
||
|
||
<span class="page__meta-readtime">
|
||
<i class="far fa-fw fa-clock" aria-hidden="true"></i>
|
||
|
||
2 minute read
|
||
|
||
</span>
|
||
|
||
</p>
|
||
|
||
|
||
<p class="archive__item-excerpt" itemprop="description">Recently, Github announced
|
||
that they are making Github Copilot available for everyone. Previously, it was in Beta and you could get it through the waiting l...</p>
|
||
</article>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<div class="grid__item">
|
||
<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
|
||
|
||
<h2 class="archive__item-title no_toc" itemprop="headline">
|
||
|
||
<a href="/2022/04/08/confession-time.html" rel="permalink">Confession Time
|
||
</a>
|
||
|
||
</h2>
|
||
|
||
|
||
<p class="page__meta">
|
||
|
||
|
||
<span class="page__meta-date">
|
||
<i class="far fa-fw fa-calendar-alt" aria-hidden="true"></i>
|
||
|
||
<time datetime="2022-04-08T15:46:00+00:00">April 8, 2022</time>
|
||
</span>
|
||
|
||
|
||
<span class="page__meta-sep"></span>
|
||
|
||
|
||
|
||
|
||
|
||
<span class="page__meta-readtime">
|
||
<i class="far fa-fw fa-clock" aria-hidden="true"></i>
|
||
|
||
2 minute read
|
||
|
||
</span>
|
||
|
||
</p>
|
||
|
||
|
||
<p class="archive__item-excerpt" itemprop="description">A failure story
|
||
Last week, I received an email from Let’s Encrypt reminding me to renew my certificates. I forgot to renew it and the certificate expired. No...</p>
|
||
</article>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<div class="grid__item">
|
||
<article class="archive__item" itemscope itemtype="https://schema.org/CreativeWork">
|
||
|
||
<h2 class="archive__item-title no_toc" itemprop="headline">
|
||
|
||
<a href="/2022/03/03/never-get-trapped-in-grub-rescue-again.html" rel="permalink">Never Get Trapped in Grub Rescue Again!
|
||
</a>
|
||
|
||
</h2>
|
||
|
||
|
||
<p class="page__meta">
|
||
|
||
|
||
<span class="page__meta-date">
|
||
<i class="far fa-fw fa-calendar-alt" aria-hidden="true"></i>
|
||
|
||
<time datetime="2022-03-03T00:46:00+00:00">March 3, 2022</time>
|
||
</span>
|
||
|
||
|
||
<span class="page__meta-sep"></span>
|
||
|
||
|
||
|
||
|
||
|
||
<span class="page__meta-readtime">
|
||
<i class="far fa-fw fa-clock" aria-hidden="true"></i>
|
||
|
||
4 minute read
|
||
|
||
</span>
|
||
|
||
</p>
|
||
|
||
|
||
<p class="archive__item-excerpt" itemprop="description">Anytime I install a new system on my machine, I pray God for nothing bad happens. But it usually happens. When I reboot, I find myself in the “Grub rescue” m...</p>
|
||
</article>
|
||
</div>
|
||
|
||
|
||
</div>
|
||
</div>
|
||
|
||
|
||
</div>
|
||
|
||
</div>
|
||
|
||
|
||
<div class="search-content">
|
||
<div class="search-content__inner-wrap"><form class="search-content__form" onkeydown="return event.key != 'Enter';">
|
||
<label class="sr-only" for="search">
|
||
Enter your search term...
|
||
</label>
|
||
<input type="search" id="search" class="search-input" tabindex="-1" placeholder="Enter your search term..." />
|
||
</form>
|
||
<div id="results" class="results"></div></div>
|
||
|
||
</div>
|
||
|
||
|
||
<div id="footer" class="page__footer">
|
||
<footer>
|
||
<!-- start custom footer snippets -->
|
||
|
||
<!-- end custom footer snippets -->
|
||
<div class="page__footer-follow">
|
||
<ul class="social-icons">
|
||
|
||
|
||
|
||
|
||
|
||
<li><a href="/feed.xml"><i class="fas fa-fw fa-rss-square" aria-hidden="true"></i> Feed</a></li>
|
||
|
||
</ul>
|
||
</div>
|
||
|
||
<div class="page__footer-copyright">© 2022 Şahin Akkaya's Personal Page. Powered by <a href="https://jekyllrb.com" rel="nofollow">Jekyll</a> & <a href="https://mademistakes.com/work/minimal-mistakes-jekyll-theme/" rel="nofollow">Minimal Mistakes</a>.</div>
|
||
<div class="page__footer-copyright">
|
||
Check out the <a href="https://github.com/Asocia/sahinakkayadotdev">code</a> of this site.
|
||
</div>
|
||
|
||
</footer>
|
||
</div>
|
||
|
||
|
||
<script src="/assets/js/main.min.js"></script>
|
||
|
||
|
||
|
||
|
||
<script src="/assets/js/lunr/lunr.min.js"></script>
|
||
<script src="/assets/js/lunr/lunr-store.js"></script>
|
||
<script src="/assets/js/lunr/lunr-en.js"></script>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
</body>
|
||
</html>
|