SOC Blogs
Tutorials
About Me
Get in touch!
Tutorials
Tutorials/
How To Create A Service User in Linux For Data Transfer Only
How To Create A Service User in Linux For Data Transfer Only
Search
How To Create A Service User in Linux For Data Transfer Only

How To Create A Service User in Linux For Data Transfer Only

 
 
Create the service account: Use the useradd command to create a new user account. For example, to create a service account called "data-transfer", you can run:
 
sudo useradd -m -s /usr/sbin/nologin data-transfer
 
This will create a new user account with no login shell and a home directory.
Set permissions: To restrict the service account to data transfer only, you can set permissions on the directories and files it is allowed to access. For example, you can create a directory called "/data" and give the service account read and write access to that directory:
 
sudo mkdir /data
sudo chown root:root /data
sudo chmod 700 /data
sudo setfacl -m u:data-transfer:rw /data
 
This will create a directory called "/data" owned by the root user, and give read and write access to the "data-transfer" user.
 
Disable password login: To prevent users from logging in as the service account, you can disable password login for that user. Use the passwd command to set a random, unguessable password for the user:
 
sudo passwd -l data-transfer
 
This will lock the password for the "data-transfer" user, effectively disabling password login.
 
Use the service account for data transfer: You can now use the service account for data transfer operations, such as transferring files between servers using tools like rsync or scp. To use the service account, you will need to specify its username and password when prompted.
 
Note that it is still possible for users with sudo privileges to switch to the service account using the su or sudo su commands. To prevent this, you can configure sudo to restrict users from switching to the service account by adding the following line to the /etc/sudoers file:
 
Defaults:data-transfer !authenticate
 
This will prevent users from switching to the "data-transfer" user using sudo su or similar commands. However, note that this will not prevent users from running commands as the "data-transfer" user using sudo -u data-transfer <command>.
 
 
 
 

Conclusion

 
Check out my other blogs here ✏️
 
SOC Blogs
BoredToolbox.
SOC Blogs
https://boredtoolbox.pw/soc-blogs
SOC Blogs
 
Follow, Mentoring Free (& Paid) 📞
 
Bored Toolbox
I am a Security Engineer, passionate about building secure solutions that solve a problem at scale. Currently I work with Meta as a Security Engineer with the RL Trust Team solving Manufacturing Security Challenges for Reality Labs
Bored Toolbox
https://bento.me/boredtoolbox
Bored Toolbox
 
Subscribe to my free Security Focussed Newsletter 📰 
 
SOC Blogs | LinkedIn
Avradeep Bhattacharya | A security and technology focused newsletter that aims to share "interesting" stories heard around the internet.
SOC Blogs | LinkedIn
https://www.linkedin.com/newsletters/6964456220447387648/
SOC Blogs | LinkedIn