Thank you Mitch for the ideas! Please see below: On 20/09/23 10:30PM, Mitchell Riedstra wrote: > > > However, I now have the problem of allowing users setting and > > modifying their own passwords (perhaps even their usernames) without > > giving them ssh access to the host. > > It will be a bit more tricky if you want them to be able to change > their usernames and such, but it's possible to modify sshd to force a > command for a specific group. > > For instance if you create a group 'passwdonly', add the users to it, > and place a: > > Match Group passwdonly > ForceCommand /usr/bin/passwd > > At the bottom of /etc/ssh/sshd_config it makes the only thing they can > do when they SSH is to be able to change their password. > > If you have password authentication turned off you can turn it on for > that specific group as well. > > You can also write a custom script to prompt them for what they wish to > do, change their username and such and force that to be the command. > I learned a lot from these few lines and I appreciate that. The users of this service will not know what ssh is and they will probably do most of the tasks by their smartphones. That's why I am guessign the web interface may be the most extreme they may tolerate, lol. > > > I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP > > and Dovecot. The users will be the Unix users on the VPS for > > simplicity. > > In this instance, if you wish to expose a web interface for changing > of usernames and passwords, going with virtual users backed by > a SQL database may be easier and less likely to compromise the host. > > I know you had mentioned not having a lot of experience in this area, > but if it's a hobby the bit of programming involved may be fun.
It looks like I gotta do some reading to learn how to do this. I wonder if Rainloop would be simpler or more work. I guess I am a lazy hobbyist, lol! Thanks again for the brainstorming, I truly appreciate it. Hakan
signature.asc
Description: PGP signature
