
minihows Freebsd – Build a very simple FreeBSD free shell server (English).

by dzup (19 dec 2008 UTC 6am)

In this minihowto, I will try to explain how to build a free shell service using FreeBSD.
The idea is that anyone can create a shell account on the system by logging in via ssh
with username “newuser” and password “newuser”.
I am using FreeBSD and ‘sudo’ in this example. To keep this minihowto short and simple we are
not going to use ‘jails’; with a little modification this script may also work on Linux.
Note: There are a bunch of ways to do this, involving different levels of security and difficulty. Keep in mind that
this is a “MINIHOWTO”, meaning it is short and simple. You are welcome to add
suggestions and remarks. This is not the “de facto” method; use at your own risk.

First we need to create our directories, groups, user, quotas, etc.
As root:

touch /sbin/                  # create the (empty) script file
chmod +x /sbin/               # make it executable
echo "/sbin/" >> /etc/shells  # add it to the list of valid shells
pw group add freeshell                   # add our group freeshell
cd /home                                 # chdir to /home
mkdir userexample                        # create the home directory of the example user
pw user add -n userexample -d /home/userexample -g freeshell -s /sbin/ # create userexample
chown userexample:freeshell /home/userexample             # userexample:freeshell owns the directory

Please define quotas for userexample; they will be copied to new users. Use:
edquota userexample

pw user add -n newuser  -g wheel -s /sbin/     # create our main user
passwd newuser                                            # enter 'newuser' as the password (if you like)
pkg_add -r sudo                                           # install sudo
# Every member of wheel gets root through sudo without a password prompt.
# Group entries in sudoers need the % prefix; FreeBSD's sudo package reads /usr/local/etc/sudoers.
echo "%wheel    ALL=(ALL) NOPASSWD: ALL" >> /usr/local/etc/sudoers
pkg_add -r bash                                           # install bash if you don't have it

We are done, but there are some security issues I would like to point out. I will not use jails at
this point because I like to keep it short and simple. Here are some suggestions:
If you are planning a new install, I suggest the following structure:
  /usr   # after you tweak your box, mount this read-only in /etc/fstab.
  /home  # enable quotas for /home in /etc/fstab.
Programs like yes, ping, sudo, who, top and others should be denied to users in group ‘freeshell’.
Restrict the number of running processes allowed.
If you use PHP turn ‘safe_mode’
…Others will apply.
Now all we need is the script. Copy and paste the following code into /sbin and name it ‘/sbin/’
Here is the code:

#!/usr/local/bin/bash
# Change the line above to where bash is located.
# dzup ( zzerver [at] )
# Dec 19 2008
echo ""
echo "Enter your MOTD here"
echo "Example:"
echo "Welcome to my free ssh service!"
echo "to obtain a shell, please log in as:"
echo "username: newuser"
echo "password: newuser"
num2=$RANDOM  # create a random number to avoid floods.
echo "Magic Number: $num2"
echo "What is the Magic Number?"
read -r num1
if [ "$num2" != "$num1" ] ; then
# Avoid floods.
echo "Sorry, Wrong Magic Number, try again ..."
read -r null
exit 1
fi
echo "Please enter your username"
echo "username: "
read -r usuario
# keep only alphanumeric characters; this is the name that gets created.
safelogin=`printf '%s' "$usuario"|tr -cd "[:alnum:]"`
if [ "$safelogin" = "" ] ; then
# username is empty or has no alphanumeric characters.
echo "Invalid username, try again..."
echo "Press Enter to exit."
read -r null
exit 1
fi
# strip | ; ` < > " ' \ ~ $ (the octal escapes are backtick, quotes, backslash and tilde).
hacklogin=`printf '%s' "$usuario" | tr -d '|;\140<>\042\047\134\176$'`
if [ "$usuario" != "$hacklogin" ] ; then
# dangerous characters.
echo "Invalid Username, try again ..."
echo "Press Enter to exit."
read -r null
exit 1
fi
# verify if username already exists (exact match on the login field).
password=$RANDOM  # random value, currently unused
sudo cat /etc/master.passwd|sed 'y/[:]/[ ]/'|awk '{print   $1}'|grep -qx "$safelogin"
existe=$?
if [ "$existe" = 0 ] ; then
# username already in system.
echo "username: ' $safelogin ' already in our system, try again ... "
echo "Press Enter to exit."
read -r null
exit 1
fi
respuesta="y"  # the answer we expect as confirmation
echo "Ready to add $safelogin in our system."
echo "confirm 'y' to yes, any other character to abort."
echo "by answering 'y' you agree to our terms and policies."
echo "Correct (y/n)?"
read -r correcto
if [ "$correcto" != "$respuesta" ] ; then
# did not accept our terms, so ...byebye.
echo "Aborting creation, thanks."
echo "(if this is an error, we were expecting ' $respuesta ' to create your shell, try again)."
echo "Press Enter to exit."
read -r null
exit 1
fi
# Let's create our new user.
echo "Creating $safelogin ..."
# primary group freeshell (created above); -L sets the login class 'freeshell',
# define it in /etc/login.conf to apply resource limits.
sudo pw user add -n "$safelogin" -g freeshell -d "/home/$safelogin" -s /usr/local/bin/bash -L freeshell
sudo mkdir "/home/$safelogin"    # create his/her home
# lame way to get the new passwd, since its a minihowto wtf.
# I would like to ask for the passwd before creating the user, hmm I'll fix that some other time.
echo "Please enter your password (twice):"
sudo passwd "$safelogin"
# now let's create the environment.
# note, at this time the user can enter blank passwds, which is a
# security issue, will be fixed later
# comments are welcome.
sudo mkdir "/home/$safelogin/public_html"               # create his/her http space.
sudo chown -R "$safelogin:freeshell" "/home/$safelogin/" # he/she owns everything in his/her home.
sudo chmod -R 705 "/home/$safelogin"                    # make sure nobody in our group can read my files
sudo chmod -R 775 "/home/$safelogin/public_html/"      # make sure apache can read public_html
sudo cp /etc/skel/.bash_profile "/home/$safelogin"     # cp skel (modify /etc/skel/.bash_profile)
sudo chown -R "$safelogin:freeshell" "/home/$safelogin/.bash_profile"     # he/she owns this
sudo edquota -p userexample "$safelogin"                # copy user quotas from our userexample
sudo quotacheck -a                                   # let's update the quotas database
echo "User successfully created!"
echo "Thank you for registering with us."
echo "to log into your new shell use: ssh -l $safelogin"
echo -e "Press Enter to exit."
read -r null

Save the above code in /sbin as, After you have done that, you can ssh to your box
using the ‘newuser’@’newuser’ combination and it will create a shell for you.
Notes: There are several ways to improve this, as you can see; this is the very basic idea.
Remember to post your remarks/suggestions, they are always welcome.
thanks and good luck (adios)
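
The signup script above accepts a name after a blacklist check and then strips the remaining non-alphanumeric characters. A stricter alternative, as an added example (not part of the original post): reject anything outside an allowlist instead of rewriting it, refuse reserved names, and compare against existing accounts by exact match. The function names, the length limits and the reserved list are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
LC_ALL=C; export LC_ALL            # make [a-z] ranges byte-based

# Allowlist: 3-16 chars, lowercase letter first, then lowercase letters/digits.
valid_login() {
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 16 ] || return 1
    case $1 in
        [!a-z]*|*[!a-z0-9]*) return 1 ;;
    esac
}

# Names the service itself depends on (from the howto) plus system accounts.
reserved_login() {
    case $1 in
        root|toor|daemon|operator|nobody|newuser|userexample) return 0 ;;
    esac
    return 1
}

# Exact match on field 1 of a passwd-format file (default /etc/passwd).
login_exists() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# 0 = usable, 1 = rejected by allowlist, 2 = reserved, 3 = already taken
check_login() {
    valid_login "$1" || return 1
    reserved_login "$1" && return 2
    login_exists "$1" "$2" && return 3
    return 0
}

# Demo on a constructed passwd file (sample data, not real accounts).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'root:*:0:0::/root:/bin/sh' \
                  'bobby:*:1001:1001::/home/bobby:/usr/local/bin/bash' > "$f"
    for n in bob bobby 'jo-hn' 'a;id' newuser; do
        rc=0; check_login "$n" "$f" || rc=$?
        printf '%-8s -> %s\n' "$n" "$rc"
    done
    rm -f "$f"
}
demo
```

With the sample file, "bob" is accepted even though "bobby" exists, while "jo-hn" is refused rather than silently turned into "john".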


2 comments

  1. […] a nice tutorial describing how to create a shell account server with FreeBSD. It is as *insecure* as can be, but the procedure is nice. « FreeBSD 7.1 […]

  2. Thank you.

