https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496534#M883186 This could help:<BR /><BR />chmod 700 /bin/chown<BR /><BR />Or set up a new group then change the group owner to the new one, then add the new group to the users you want to restrict chown.<BR /><BR />Marco Tue, 06 Mar 2001 15:47:32 GMT Marco Hernandez_1 2001-03-06T15:47:32Z https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496532#M883184 Wed, 21 Feb 2001 03:59:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496532#M883184 Upul Edirisinghe 2001-02-21T03:59:09Z https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496533#M883185 Hi,<BR /><BR />You can set ACL on the chown binary so that only userids in the ACL listing can execute the chown command.<BR /><BR />ACL is available on HFS and JFS 3.3. man chacl on the syntax of setting it. Example:<BR /><BR /># chacl '(abc.%,r-x)(def.%,r-x)' `which chown`<BR /><BR />i.e. Only the users abc and def can execute the chown command.<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong<BR />Brainbench MVP for Unix Admin<BR /><A href="http://www.brainbench.com" target="_blank">http://www.brainbench.com</A> Wed, 21 Feb 2001 06:38:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496533#M883185 Steven Sim Kok Leong 2001-02-21T06:38:32Z https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496534#M883186 This could help:<BR /><BR />chmod 700 /bin/chown<BR /><BR />Or set up a new group then change the group owner to the new one, then add the new group to the users you want to restrict chown.<BR /><BR />Marco Tue, 06 Mar 2001 15:47:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496534#M883186 Marco Hernandez_1 2001-03-06T15:47:32Z https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496535#M883187 Hi<BR />Change permission on /sbin/chown to 554. It will allow only root (members on bin group) to execute this command.<BR /># chmod 554 /sbin/chown<BR /># ls -l /sbin/chown<BR />r-xr-xr-- 1 bin bin 200704 Nov 7 1997 /sbin/chown.<BR /><BR />Thanks.<BR />Prashant Deshpande. Tue, 06 Mar 2001 17:11:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496535#M883187 Deshpande Prashant 2001-03-06T17:11:52Z https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496536#M883188 Hi<BR />CHOWN is a global privilege (see setprivgrp (1m)) test to be sure this is what you want.<BR /><BR /># getprivgroup<BR />global privilege: chown<BR /><BR /># echo ?n &gt; /etc/privgroup<BR /># chmod 400 /etc/privgroup<BR />To add CHOWN and other global comands for specific groups see the following example:<BR /><BR />Example:<BR />To add CHOWN and MLOCK for dba group or users.<BR />echo dba CHOWN MLOCK &gt;&gt; /etc/privgroup<BR /><BR /># sbin/init.d/set_prvgrp start<BR /><BR /># getprivgrp<BR />global privileges: <BR />dba: MLOCK CHOWN<BR /><BR />HTH<BR />Peggy<BR /><BR /> Tue, 06 Mar 2001 18:01:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/how-to-resrtict-users-from-executing-chown-command/m-p/2496536#M883188 Peggy Fong 2001-03-06T18:01:04Z