System Administration
Showing results for 
Search instead for 
Do you mean 

Sudo to restrict command execution

Valued Contributor

Sudo to restrict command execution

Hi Experts ,

 

Thanks in advance

 

 

My requirement is i want to restrict users to executing commands.

I have 25 users in this server ,the requirement was that will execute only the list of commands (50 commands) ,and restrictall the commands.

Is this achived by sudo or from OS level any other options there.

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
2 REPLIES
Honored Contributor Honored Contributor

Re: Sudo to restrict command execution

Sudo is a good tool for allowing the users to execute some sets of commands as some other user.

 

But if you want to restrict the commands available for the users with their normal user accounts, you will need a restricted shell.

 

See "man sh-posix" on a HP-UX and read the paragraph titled "rsh Restrictions", or see "man ksh" and read the paragraph titled "rksh Only" for restricted ksh shell.

 

Basically:

  1. make copies of all the allowed commands, and place them to some directory (e.g. /usr/rbin)
  2. configure the /etc/profile or the ~/.profile of the restricted users so that only that directory will be in their PATH
  3. change the shell of the restricted users to /usr/bin/rsh or /usr/bin/rksh.
MK
Highlighted
Valued Contributor

Re: Sudo to restrict command execution

 

Hi MK ,

 

Thank you very much.

Really appriciate you.

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.