How does one setup a shell account?

Sorry to ask a newbie question, but I am still fairly new at this, having
very recently converted my servers from M$ to Redhat 8... Anyway, I have a
situation that calls for the need for someone to be able to access one of my
servers (which happens to be my network router/firewall at this point) via a
"limited shell account". I created a user id and password for them and
assigned them to the group that has ownership of the specific directories
they need to access and then went into the services util from gnome desktop
(as root) and restarted sshd to be sure they could use ssh to get in, then I
opened the firewall control panel (firestarter) and opened port 22. When
this person tries to logon (he emailed me afterwards) I'm told by him that
it wouldn't let him. Now he didn't give me any information beyond that to go
off of, and I don't see any hits on the firewall log for port 22. Am I
missing a step or should I just wait to get more info from him?

The second part of this query, which was prompted by the first part above...
If I decided to offer a hosting space for a mud, how does one go about
setting up shell access and port/space/memory restrictions, etc?

Finally, sorry about cross-posting this, but I honestly wasn't sure which NG
would be better to post this question in.
-=Conner=-

--
Visit The Castle's Dungeon BBS at telnet://tcdbbs.zapto.org for some family
fun in a medieval setting, or come test your mettle in the Land of Legends,
our MUD, at telnet://tcdbbs.zapto.org:4000
For general info, visit http://www.tcdbbs.zapto.org

Conner Destron wrote:
> Sorry to ask a newbie question, but I am still fairly new at this, having
> very recently converted my servers from M$ to Redhat 8... Anyway, I have a
> situation that calls for the need for someone to be able to access one of
> my servers (which happens to be my network router/firewall at this point)
> via a "limited shell account".

Terminology: the "shell" is the command-interpreter, or its equivalent
(e.g. a login via XWindows). A "limited shell" is one that will not
consent to obey all of the commands that, say, "bash" would.


> I created a user id and password for them
> and assigned them to the group that has ownership of the specific
> directories they need to access and then went into the services util from
> gnome desktop (as root) and restarted sshd to be sure they could use ssh
> to get in, then I opened the firewall control panel (firestarter) and
> opened port 22. When this person tries to logon (he emailed me afterwards)
> I'm told by him that it wouldn't let him. Now he didn't give me any
> information beyond that to go off of, and I don't see any hits on the
> firewall log for port 22. Am I missing a step or should I just wait to get
> more info from him?

The firewall can be told to "drop" the packets, or to "reject" them. And
the firewall can be told to produce a log entry, or not. If the packets
are dropped, the remote user has no way to know what happened to them. If
they are rejected, he'll get "connection refused." That might be useful
for now, just as a way of determining whether or not the packets are
arriving at your door.


> The second part of this query, which was prompted by the first part
> above... If I decided to offer a hosting space for a mud, how does one go
> about setting up shell access and port/space/memory restrictions, etc?
>
> Finally, sorry about cross-posting this, but I honestly wasn't sure which
> NG would be better to post this question in.
> -=Conner=-

Lots of hosting-providers use software designed for the purpose, like Plesk.
This simply packages all the various "necessary evils" into one convenient
place that's easy to manage. If you're serious about providing hosting
(and I might not add, "why not let someone /else/ do it for you,
instead?"), those packages might be worth looking in to.

> Am I missing a step or should I just wait to get
> more info from him?

Sounds like you need to get more information. Get from him the exact error
message / details of what happens. And just to check: Have you made sure
that you can ssh from some other computer to the server, using that
account?

Jon

-- * Does the walker choose the path, or does the path choose the walker?
(fr. Sabriel) * --