cancel
Showing results for 
Search instead for 
Did you mean: 

Restricted user access.

vinuhcl
Advisor

Restricted user access.

Hi,
I have created a restricted user on my 11.11 server. Currently this user cannot wander around to any directory other than his home directory.Now, I need to set up the user rights in such a way that this user can go to the sub directories inside his home directory. Kinldy let me know if any one can help me out on this....
Thanks in advance,
Vinu
10 REPLIES
avizen9
Esteemed Contributor

Re: Restricted user access.

"this user can go to sub directories inside his home directory"

how about create sub directory and change owner to this user,
vinuhcl
Advisor

Re: Restricted user access.

Hi Avizen,
Your quick response is highlreciated. The user cannot go inside the subdirctories. Please see the below outputs;
$ whoami
testuser
$ pwd
/home/testuser
$ mkdir hp-india
$ ll -d hp-india
drwxrwxrwx 2 testuser users 96 May 28 07:39 hp-india
$ cd hp-india
rsh: cd: The operation is not allowed in a restricted shell.
johnsonpk
Honored Contributor

Re: Restricted user access.

Hi Vinu,

cd is not permitted in restricted shell ,

but you can perform certain things from outside of that subdir like

touch subdir/test
cat subdir/test


the followings are not possible in restricted shell
Redirecting output
Specifying pathnames or command names containing a slash (/).

Setting the value of the PATH or the SHELL variables.
moving around directory using cd command


Thanks!!
Johnson



avizen9
Esteemed Contributor

Re: Restricted user access.

Hello,
what method you use to create this restriced user,
why dont you try with sudo? thanks,
vinuhcl
Advisor

Re: Restricted user access.

Hi Avizen,
How I created the user is through SAM and set the shell as /usr/bin/rsh. Could you please tell me how can I limit the cd usage of a user such a way that he can do cd to his home directories and to the subditrectories inside his home directory ( I can change the shell to a normall shell other than rsh)
Dennis Handly
Acclaimed Contributor

Re: Restricted user access.

>rsh: cd: The operation is not allowed in a restricted shell.

That's what the man page says:
The cd command cannot be executed by rksh.
Or: rsh Restrictions
http://docs.hp.com/en/B2355-60130/sh-posix.1.html#d0e220003
vinuhcl
Advisor

Re: Restricted user access.

Can we set a user's privilage in sudo such a way that he can do cd to only his home direcotory and to it's child directories??
Kenan Erdey
Honored Contributor

Re: Restricted user access.

Hi,

no, sudo can't cd to unprivileged directory.
Computers have lots of memory but no imagination
johnsonpk
Honored Contributor

Re: Restricted user access.

Hi Vinu
Yes you can do that ..
#visudo
then create rule like below

userabc ALL=(ALL) NOPASSWD:/usr/bin/cd /home/userabc*

if you know the subdirectory ..u can specify that in the sudoers file separated by " ,"

eg:userabc ALL=(ALL) NOPASSWD:/usr/bin/cd /home/userabc*,/usr/bin/cd childdir




save and exit


and for moving across his directories

use sudo cd /home/userabc/

Thanks!!
Johnson


avizen9
Esteemed Contributor

Re: Restricted user access.

Hello Vinu,
first you should verify sudo is installed in your hpux box with below command,

swlist -l product | grep -i sudo

if dont have sudo installed you can install it through below,

http://www.sudo.ws/sudo/dist/binaries/