https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712240#M60879 hi,<BR /><BR />Have you tried using ACL ?<BR /><BR />Rgds<BR /><BR />Hari<BR /> Fri, 26 Apr 2002 18:02:15 GMT hari jayaram_1 2002-04-26T18:02:15Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712238#M60877 I know that I can restrict a user's access with 'rsh' but that keeps the user from being able to change directories (even to directories created under user's home directory apparently). Is there a way to restrict a user to a certain range of directories (including subdirectories of user's home dir)? Fri, 26 Apr 2002 17:57:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712238#M60877 Tony500 2002-04-26T17:57:50Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712239#M60878 Hi,<BR /><BR />You'd have to use permissions I think. Make the user a member of a distinct group and very carefully set group permissions on all the directories you want to exclude him from. Sounds like a lot of trouble to me.<BR /><BR />Pete Fri, 26 Apr 2002 18:01:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712239#M60878 Pete Randall 2002-04-26T18:01:26Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712240#M60879 hi,<BR /><BR />Have you tried using ACL ?<BR /><BR />Rgds<BR /><BR />Hari<BR /> Fri, 26 Apr 2002 18:02:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712240#M60879 hari jayaram_1 2002-04-26T18:02:15Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712241#M60880 <BR />Do a chroot on them and they will be restricted to the "root" that you give them. <BR /><BR />man chroot<BR /> Fri, 26 Apr 2002 18:03:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712241#M60880 hpuxrox 2002-04-26T18:03:43Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712242#M60881 Wow that does sound like a lot of trouble! Still, some user's are naturally curious and wander into areas they probably shouldn't. There are one or two users on my system who fall into this category. Unfortunately, this is a mission critical machine and I can't allow them to create a disaster while trying to self teach themselves. Fri, 26 Apr 2002 18:05:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712242#M60881 Tony500 2002-04-26T18:05:58Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712243#M60882 Hari,<BR />I've seen the term ACL mentioned here lately, but I really don't know much about it. What does it do and how do you use it? Fri, 26 Apr 2002 18:13:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712243#M60882 Tony500 2002-04-26T18:13:12Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712244#M60883 Actually, a lot of it should be easy - all you want to do is remove write permissions. For example, nobody but root should be writing in /opt - do a "chmod -R a-w /opt" and they can't mess with it.<BR /><BR />Pete Fri, 26 Apr 2002 18:15:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712244#M60883 Pete Randall 2002-04-26T18:15:34Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712245#M60884 Thanks Pete, I think that might be my best option. The only thing I worry about is: What about the 'Bang' (:wq!) Will they still be able to manually edit a file and save it with ":wq!" ? Fri, 26 Apr 2002 18:43:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712245#M60884 Tony500 2002-04-26T18:43:00Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712246#M60885 Tony,<BR /><BR />Here is a link for acl<BR /><BR /><A href="http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90693/B2355-90693_top.html&amp;con=/hpux/onlinedocs/B2355-90693/00/00/10-con.html&amp;toc=/hpux/onlinedocs/B2355-90693/00/00/10-toc.html&amp;searchterms=acl&amp;queryid=20020426-132749" target="_blank">http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90693/B2355-90693_top.html&amp;con=/hpux/onlinedocs/B2355-90693/00/00/10-con.html&amp;toc=/hpux/onlinedocs/B2355-90693/00/00/10-toc.html&amp;searchterms=acl&amp;queryid=20020426-132749</A><BR /><BR />ACL is useful if you have JFS. It is also tricky and complicated unless you have a use for it.<BR /><BR />Please let me know if you require any further info.<BR /><BR /> Fri, 26 Apr 2002 19:22:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712246#M60885 hari jayaram_1 2002-04-26T19:22:26Z https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712247#M60886 Tony,<BR /><BR />No, without write permission on either the directory or the file, no-one but the owner or root should be able to write to the file, bang or not.<BR /><BR />Good luck,<BR />Pete Sat, 27 Apr 2002 14:14:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/restricted-access/m-p/2712247#M60886 Pete Randall 2002-04-27T14:14:30Z