On Sat, Feb 26, 2011 at 1:39 PM, Dan Sheffner <dsheff...@gmail.com> wrote: > Like Michael said I would accomplish this with two users. Just off the top > of my head I would do: No not two users it has to be same user who has to be restricted based on IP from which he logs in. I need some more information on PAM approach if some one can give about it which direction should I be heading for that approach. > user 1) has full read/write access to /home/user1 > user 2) has read only access to /home/user2 > > schedule cron to rsync from /home/user1 to /home/user2 and make everything > read only for the /home/user2. > > Dan > > On Sat, Feb 26, 2011 at 2:04 AM, Michael Zoet <michael.z...@zoet.de> wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Am 26.02.2011 06:32, schrieb Tapas Mishra: >> > Hi, >> >> Hi Tapas, >> >> > >> > I would like to allow a user to login through SSH but with different >> > permission coming from different ipaddress. >> > >> > For example, a user "tester" login to SSH through 192.168.1.1 and >> > another user login with the same login id "tester" but from different >> > ip 192.168.1.2. >> > >> > How do I restrict 192.168.1.2 to only allow for viewing the content in >> > the home directory while giving 192.168.1.1 full access? >> >> Why do you have to use the same user? Viewing the contents of a >> directory has nothing to do with SSH and you need to use some other >> methods. So using different users to login would be the easiest to >> accomplish this. Then you need only to change the permissions on the >> filesystem. And if you are using POSIX ACLs you have more options than >> you will ever need for this situation. Keep it simple is the best way >> for system administration. >> >> >> > >> > >> > I got a suggestion from some one >> > >> > Approach 1) >> > Based on the ip you change the shell. If it's just for read only a >> > jail would be fine. >> > >> > but how do I change shell based on IP? >> > >> > Approach 2) >> > >> > to have two ssh instances. Let's say port 22 and port 24. Port 22 is >> > for read only, while port 24 is for full access >> > >> > so how can it be possible to give port 22 only read only access to SSH >> > >> > >> >> Maybe you can tweak PAM and do some shell scripting to achieve both >> aproaches. But why? If you do it not right you might break your >> system. I really do not know what this could be good for... Using 2 >> users is the easiest way. >> >> Bye, >> >> Michael >> >> >> >> >>
-- http://mightydreams.blogspot.com -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
