
On 26.02.2011 06:32, Tapas Mishra wrote:
> Hi,

Hi Tapas,

>
> I would like to allow a user to log in through SSH but with different
> permissions coming from different IP addresses.
>
> For example, a user "tester" logs in to SSH through 192.168.1.1 and
> another user logs in with the same login id "tester" but from a different
> IP, 192.168.1.2.
>
> How do I restrict 192.168.1.2 to only allow for viewing the content in
> the home directory while giving 192.168.1.1 full access?

Why do you have to use the same user? Viewing the contents of a
directory has nothing to do with SSH and you need to use some other
methods. So using different users to log in would be the easiest way to
accomplish this. Then you only need to change the permissions on the
filesystem. And if you are using POSIX ACLs you have more options than
you will ever need for this situation. "Keep it simple" is the best way
for system administration.


>
>
> I got a suggestion from someone
>
> Approach 1)
> Based on the ip you change the shell. If it's just for read only a
> jail would be fine.
>
> but how do I change shell based on IP?
>
> Approach 2)
>
> to have two SSH instances. Let's say port 22 and port 24. Port 22 is
> for read-only, while port 24 is for full access
>
> so how can it be possible to give port 22 only read-only access to SSH
>
>

Maybe you can tweak PAM and do some shell scripting to achieve both
approaches. But why? If you do not do it right you might break your
system. I really do not know what this could be good for... Using 2
users is the easiest way.

Bye,

Michael












-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
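
The two-user approach with POSIX ACLs recommended in the reply above, as an added example that is not part of the original thread. The account names `tester` and `tester-ro`, the path `/home/tester` and the helper names `grant_view` and `acl_entry` are assumptions; the `setfacl` and `getfacl` tools must be installed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (hypothetical) names:
#   tester      existing account, full access, logs in from 192.168.1.1
#   tester-ro   second account, view only, logs in from 192.168.1.2
# Requires the setfacl/getfacl tools and a filesystem with ACL support.

# grant_view VIEWER DIR
# Give VIEWER read-only access to everything under DIR using POSIX ACLs.
grant_view() {
    viewer=$1
    dir=$2
    # r-X = read files and list/enter directories. Capital X sets execute
    # only on directories and on files that are already executable.
    # No "w" is granted, so VIEWER cannot create, change or delete anything.
    setfacl -R -m "u:${viewer}:r-X" "$dir" || return 1
    # Default ACLs exist only on directories. They are inherited by files
    # created later, so new files stay visible to VIEWER.
    find "$dir" -type d -exec setfacl -d -m "u:${viewer}:r-X" {} + || return 1
}

# acl_entry VIEWER PATH
# Print the permission bits (e.g. "r-x") of VIEWER's named ACL entry.
acl_entry() {
    getfacl -p "$2" 2>/dev/null | sed -n "s/^user:$1://p"
}

# One-time setup, run as root (shown as comments so that sourcing this file
# changes nothing):
#   useradd -m tester-ro
#   grant_view tester-ro /home/tester
#   acl_entry tester-ro /home/tester      # prints r-x
#
# Optional, in sshd_config: tie each account to its source address.
# AllowUsers denies every account that is not listed, so list all of them.
#   AllowUsers tester@192.168.1.1 tester-ro@192.168.1.2
```
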
