06-07-2019 01:58 AM
How to create a user with only a few commands available to him
Hi
I need to create a user that basically has only read access, but I believe that is not possible, so how to provide him with limited commands, like (he should not have to do 'rm', 'mv')
06-10-2019 03:15 AM - last edited on 06-28-2021 09:25 PM by Ramya_Heera
Re: How to create a user with only a few commands available to him
Hello,
You can't create a user account with read-only access.
Note that a newly created user has write access to his home directory while the user can only read or list contents in other directories. The user will not have write or run permission on other directories unless he has been added to a group having write/run permission on those directories.
You can try to install sudo (which is not supported by HPE) and configure these users to restrict the commands they can run as well as log commands that they are allowed to run.
sudo can be downloaded from HPE InternetExpress Bundle or from HPUX Porting website.
Manikandan
I work for HPE
06-11-2019 07:02 PM
Re: How to create a user with only a few commands available to him
It sounds like this user has permission to damage files and directories not in the $HOME directory. If you have files and directories with 777 and 666 permissions, I would have an HP-UX expert help you set the correct permissions. A normal user can't change or remove files in system directories like /usr, /opt, /etc and so on. Run the command:
swverify \*
which will verify the system files and directories. At the end of the run, there will be a note on where to read the permission errors:
NOTE: More information may be found in the agent logfile using the command "swjob -a log yoda-4232 @ yoda:/".
In the meantime, to immediately limit a user to specific commands, don't give the user standard shell access. Instead, write a short menu program with the tasks that are allowed. Here is an example:
```ksh
#!/usr/bin/ksh
########################
#                      #
#       menu.ksh       #
#       ========       #
#                      #
#  Simple menu script  #
#  to run selected     #
#  commands            #
#                      #
########################

# Example menu program to replace a normal shell for a user.
# This script prevents access to a shell prompt

trap "exit" 0 1 2 3 6 11 15           # all signals will exit
set -u
export PATH=/usr/bin:/usr/sbin        # don't use default $PATH
export MYNAME=${0##*/}                # basename for this script
export MYHOSTNAME=$(hostname)         # current hostname
export MYHOST=${MYHOSTNAME%%.*}       # drops FQDN if present
export MYIPADDR=$(getip $MYHOSTNAME)  # Get IP address for this host
export MYNODE=$(uname -n)             # NODENAME from uname -n
alias noc="awk 'NF && ! /^[[:space:]]*#/'"   # show file(s) without comments

##############
#  ShowMenu  #
##############
function ShowMenu
{
## Display the menu of choices - must match case/esac below
## Ask the question and return

  clear
  cat << EOF

Menu script ... $MYNAME

   1. bdf
   2. uname
   3. ioscan -knf
   4. exit

EOF
  echo "\nEnter choice: \c"
  return
}

#################
#  PressReturn  #
#################
function PressReturn
{
## Simple pause and return

  echo "\n...press Enter to continue...\c"
  read
  return
}

#############################
#  M A I N   P R O G R A M  #
#############################

TIMEOUT=10

while :
do
  ShowMenu

  # Wait $TIMEOUT seconds for a reply
  REPLY=$(line -t $TIMEOUT)

  case $REPLY in
     1) bdf
        PressReturn
        ;;
     2) uname -a
        PressReturn
        ;;
     3) ioscan -knf
        PressReturn
        ;;
     4) exit
        ;;
    "") echo "\n\nno response, exiting\n"
        exit
        ;;
     *) echo
        echo "Invalid choice: $REPLY"
        PressReturn
        ;;
  esac
done
exit
```
Then replace the reference to sh or ksh in the passwd file for that user. Now when they log in, they will get the menu and no way to run any other commands.
Bill Hassell, sysadmin
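
A menu script used as a login shell only restricts the user if the user cannot modify the script or the directory that holds it. The following is an added example, not part of the original post: a POSIX sh audit of the shell field in a passwd-format file. The ownership and permission rule, the function names, the `oper` account and the temporary paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed rule: the login-shell program and
# its directory are owned by the expected uid (default 0), not group/other-writable.

# loose_perms PATH: succeeds if group or other has write permission.
loose_perms() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# check_login_shell PROGRAM [UID]: print findings, return 1 if there are any.
check_login_shell() {
    prog=$1 want=${2:-0} bad=0
    if [ ! -f "$prog" ] || [ ! -x "$prog" ]; then
        echo "FAIL $prog: not an executable regular file"
        return 1
    fi
    for p in "$prog" "$(dirname "$prog")"; do
        uid=$(ls -ldn "$p" | awk '{ print $3 }')
        if [ "$uid" != "$want" ]; then
            echo "FAIL $p: owned by uid $uid, expected $want"; bad=1
        fi
        if loose_perms "$p"; then
            echo "FAIL $p: writable by group or other"; bad=1
        fi
    done
    return $bad
}

# audit_user PASSWD_FILE USER [UID]: check field 7 (login shell) of USER.
audit_user() {
    shell=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1")
    if [ -z "$shell" ]; then
        echo "FAIL $2: no entry, or empty shell field (default shell)"
        return 1
    fi
    check_login_shell "$shell" "${3:-0}"
}

# Constructed demo data: throwaway passwd-format file and stub menu script.
tmp=${TMPDIR:-/tmp}/shellaudit.$$
if mkdir -m 755 "$tmp"; then
    printf '#!/bin/sh\nexit 0\n' > "$tmp/menu.ksh"
    chmod 775 "$tmp/menu.ksh"                 # deliberately group-writable
    printf 'oper:x:2001:20::/home/oper:%s\n' "$tmp/menu.ksh" > "$tmp/passwd"
    audit_user "$tmp/passwd" oper "$(id -u)" || echo "demo: fix findings first"
    rm -rf "$tmp"
fi
```

On a real system the call would be `audit_user /etc/passwd <user>`, leaving the expected uid at its default of 0.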
06-12-2019 12:13 AM
Re: How to create a user with only a few commands available to him
Hi Bill
As I was trying my options, what I initially did was to create a new group, and insert that new user into that group, so this user (newly created) could not "rm" or "mv", but could "cp" the files from other directories....
But now I will try your option.