Like Michael said I would accomplish this with two users. Just off the top of my head I would do:
user 1) has full read/write access to /home/user1 user 2) has read only access to /home/user2 schedule cron to rsync from /home/user1 to /home/user2 and make everything read only for the /home/user2. Dan On Sat, Feb 26, 2011 at 2:04 AM, Michael Zoet <michael.z...@zoet.de> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Am 26.02.2011 06:32, schrieb Tapas Mishra: > > Hi, > > Hi Tapas, > > > > > I would like to allow a user to login through SSH but with different > > permission coming from different ipaddress. > > > > For example, a user "tester" login to SSH through 192.168.1.1 and > > another user login with the same login id "tester" but from different > > ip 192.168.1.2. > > > > How do I restrict 192.168.1.2 to only allow for viewing the content in > > the home directory while giving 192.168.1.1 full access? > > Why do you have to use the same user? Viewing the contents of a > directory has nothing to do with SSH and you need to use some other > methods. So using different users to login would be the easiest to > accomplish this. Then you need only to change the permissions on the > filesystem. And if you are using POSIX ACLs you have more options than > you will ever need for this situation. Keep it simple is the best way > for system administration. > > > > > > > > I got a suggestion from some one > > > > Approach 1) > > Based on the ip you change the shell. If it's just for read only a > > jail would be fine. > > > > but how do I change shell based on IP? > > > > Approach 2) > > > > to have two ssh instances. Let's say port 22 and port 24. Port 22 is > > for read only, while port 24 is for full access > > > > so how can it be possible to give port 22 only read only access to SSH > > > > > > Maybe you can tweak PAM and do some shell scripting to achieve both > aproaches. But why? If you do it not right you might break your > system. I really do not know what this could be good for... Using 2 > users is the easiest way. > > Bye, > > Michael > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1otAgACgkQBvfZ5167qr9nZACfbeMQNGdRo+ELN8wB0GwZc12R > fbYAnjoZwnAN+YpzhgcgjZwrAlFmK5jy > =nExp > -----END PGP SIGNATURE----- > > > -- > ubuntu-server mailing list > ubuntu-server@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server > More info: https://wiki.ubuntu.com/ServerTeam >
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam