1. add a new user
sudo adduser newuser
2. add user to sudo group
sudo usermod -aG sudo newuser
3. allow the user in the ssh config (once AllowUsers is set, only the listed users can log in over ssh)
sudo vim /etc/ssh/sshd_config
>>AllowUsers newuser
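4. add restriction to the new user (space sensitive)
sudo visudo -f /etc/sudoers.d/newuser
>>newuser ALL=(ALL) ALL, !sudoedit, !/usr/bin/su, !/bin/su, !/bin/bash, !/bin/sh, !/usr/bin/chmod, !/usr/bin/chown, !/usr/bin/docker, !/usr/bin/passwd, !/usr/sbin/visudo
Note: this rule grants ALL and then subtracts commands with "!". The sudoers(5) manual states that subtracting commands from ALL this way is generally not effective as a security boundary; a rule that lists only the commands the user may run is the stronger form.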
5. check the new restriction
sudo visudo -c
If it is OK, you will see the following message printed out:
/etc/sudoers: parsed OK
/etc/sudoers.d/README: parsed OK
/etc/sudoers.d/newuser: parsed OK
6. apply folder restriction to current user folder
sudo chmod -R 700 /home/currentuser
7. reboot the machine, then log in as newuser and check the restriction (the commands after the reboot should all be refused)
sudo reboot
cd /home/currentuser
sudo chmod -R 777 /home/currentuser
sudo docker ps
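
Added example (not from the original post): `visudo -c` in step 5 checks syntax only, so a mistyped path in the "!" list from step 4 still parses OK and restricts nothing. The shell function below lists each denied entry and whether it exists as an executable; `denied_cmds`, `audit_denied` and the optional root prefix are names made up here, and each rule is assumed to sit on one line as in step 4.

```shell
#!/bin/sh
# Added example, not part of the original post.
# audit_denied FILE [ROOT] prints one line per "!" entry in a sudoers file:
#   builtin <name>       sudoedit, handled by sudo itself
#   ok <path>            path exists and is executable
#   missing <path>       no such executable, so the entry restricts nothing
#   not-absolute <name>  entry is not a full path
# ROOT is a hypothetical prefix for checking a test tree; empty means "/".

# Read sudoers text on stdin, print the negated entries one per line.
denied_cmds() {
    tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        sed -n 's/^![[:space:]]*//p'
}

audit_denied() {
    file=$1
    root=${2:-}
    # Skip comment lines, then classify every denied entry.
    grep -v '^[[:space:]]*#' "$file" | denied_cmds |
        while read -r cmd rest; do
            case $cmd in
                sudoedit) echo "builtin $cmd" ;;
                /*) if [ -f "$root$cmd" ] && [ -x "$root$cmd" ]; then
                        echo "ok $cmd"
                    else
                        echo "missing $cmd"
                    fi ;;
                *) echo "not-absolute $cmd" ;;
            esac
        done
}

# Constructed sample: the rule from step 4, checked against this machine.
sample=$(mktemp)
cat > "$sample" <<'EOF'
newuser ALL=(ALL) ALL, !sudoedit, !/usr/bin/su, !/bin/su, !/bin/bash, !/bin/sh, !/usr/bin/chmod, !/usr/bin/chown, !/usr/bin/docker, !/usr/bin/passwd, !/usr/sbin/visudo
EOF
audit_denied "$sample"
rm -f "$sample"
```

To audit the real file, run the function as root against /etc/sudoers.d/newuser, since that file is not readable by ordinary users.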