Operating System - HP-UX
1748102 Members
4789 Online
108758 Solutions
New Discussion

Re: Sudo to restrict command execution

 
Ajin_1
Valued Contributor

Sudo to restrict command execution

Hi Experts ,

 

Thanks in advance

 

 

My requirement is i want to restrict users to executing commands.

I have 25 users in this server ,the requirement was that will execute only the list of commands (50 commands) ,and restrictall the commands.

Is this achived by sudo or from OS level any other options there.

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
2 REPLIES 2
Matti_Kurkela
Honored Contributor

Re: Sudo to restrict command execution

Sudo is a good tool for allowing the users to execute some sets of commands as some other user.

 

But if you want to restrict the commands available for the users with their normal user accounts, you will need a restricted shell.

 

See "man sh-posix" on a HP-UX and read the paragraph titled "rsh Restrictions", or see "man ksh" and read the paragraph titled "rksh Only" for restricted ksh shell.

 

Basically:

  1. make copies of all the allowed commands, and place them to some directory (e.g. /usr/rbin)
  2. configure the /etc/profile or the ~/.profile of the restricted users so that only that directory will be in their PATH
  3. change the shell of the restricted users to /usr/bin/rsh or /usr/bin/rksh.
MK
Ajin_1
Valued Contributor

Re: Sudo to restrict command execution

 

Hi MK ,

 

Thank you very much.

Really appriciate you.

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.