Introduction:
Creating a read-only user on an Ubuntu server is useful for allowing access to specific files or directories without permitting modifications. This can enhance security by restricting user permissions to view-only access. This guide will walk you through the steps to create a read-only user on an Ubuntu server.

Prerequisites:
1. An Ubuntu server with root or sudo access.
Step 1:
1. Access your Ubuntu server via SSH or a terminal:
2. Replace your_username with your current user and server_ip with your server’s IP address.

$ ssh your_username@server_ip

Step 2:
Create a new user named readonlyuser (you can choose any name) without a home directory:

$ adduser --no-create-home --shell /bin/bash readonlyuser

Step 3:
1. To limit the user’s ability to execute commands or navigate directories, set their shell to a restricted shell like rbash:
2. If you don’t need a restricted shell, you can keep /bin/bash, but rbash prevents the user from running arbitrary commands or changing directories.

$ usermod -s /bin/rbash readonlyuser

Step 4:
1. If the directory has restricted permissions (e.g., owned by root), add the user to a group with read access:
2. This creates a group readonlygroup, adds the user to it, sets the group as the directory’s owner, and grants read permissions to the group.

$ groupadd readonlygroup
$ usermod -aG readonlygroup readonlyuser
$ chown -R :readonlygroup /var/www/html
$ chmod -R g+r /var/www/html

Ensure the user cannot write or execute files in the directory:
1. o-wx removes write (w) and execute (x) permissions for “others.”

$ chmod -R o-wx /var/www/html

Step 5:
1. Verify the permissions:
2. The output should show read-only access for “others” (e.g., drwxr-xr--).

$ ls -ld /var/www/html
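
The ls -ld check above only shows the mode of the top-level directory. As an added example (not part of the original guide), the script below walks the whole tree and reports entries whose mode bits would break group-based read-only access. The function names audit_readonly_tree and make_sample_tree and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for mode bits that break "read-only via group".
# Function names and the sample tree are constructed for illustration.

# Prints one "ISSUE path" line per finding; prints nothing if the tree is clean.
audit_readonly_tree() {
    dir=$1
    # Anything group- or other-writable defeats read-only access.
    # Symlinks are skipped because their own mode bits are always rwxrwxrwx.
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
        -exec printf 'WRITABLE %s\n' {} \;
    # Directories need group r and x, or group members cannot list or enter them.
    find "$dir" -type d ! -perm -050 -exec printf 'NO_TRAVERSE %s\n' {} \;
    # Regular files need group r, or group members cannot read them.
    find "$dir" -type f ! -perm -040 -exec printf 'NO_READ %s\n' {} \;
}

# Builds a constructed sample tree and prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/site" "$t/site/locked"
    : > "$t/site/index.html"
    : > "$t/site/upload.php"
    chmod 750 "$t/site"              # rwxr-x---  fine
    chmod 640 "$t/site/index.html"   # rw-r-----  fine
    chmod 660 "$t/site/upload.php"   # rw-rw----  group can write
    chmod 740 "$t/site/locked"       # rwxr-----  group cannot enter
    printf '%s\n' "$t/site"
}

# Demo on the sample tree; on a server: audit_readonly_tree /var/www/html
audit_readonly_tree "$(make_sample_tree)"
```

A tree with correct permissions produces no output, so the script can be run after any later permission change as a quick regression check.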


Notes:
1. --no-create-home ensures that no home directory is created for the user.
2. --shell /bin/bash sets the user’s shell to /bin/bash.
3. Follow the prompts to set a password and fill in optional user details (you can leave them blank by pressing Enter).
4. Identify the directory you want the user to access (e.g., /var/www/html for a web directory).
5. Grant read-only access to the directory using the following command:

$ chmod -R o+r /var/www/html




