HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

limitation on users

 
SOLVED
Go to solution
CowBoy
Regular Advisor

limitation on users

Dear All
I created a user and i dont want him to xecute any executable files like "gpm,sar,..."
5 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: limitation on users

Hi:

What you don't offer is what you _do_ want the user to execute.

You could limit the user to a specific menu-based script that you develop that encompasses the functions you do what to allow.

You could create a 'chroot'd environment in which you place only the executables you want to be used.

Regards!

...JRF...
Steven E. Protter
Exalted Contributor
Solution

Re: limitation on users

Shalom,

Change the rights on these binaries to o-x

chmod o-x

Set the user in a group that is not common with these utilities.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
UVK
Trusted Contributor

Re: limitation on users

Though SEP solution is a possibility, I dont think you would like to remove excute permission on binaries for others. create a chroot environment in which you can limit user access.
-------------------------------------------
Like it or worked !! Click kudos !!
Ganesan R
Honored Contributor

Re: limitation on users

Hi,

Unix permissions are not user specific. It is based on owner/group/others. You can restrict only based on this architecture.

You can use setacl to give special privilage to specific users.

So the best way is, restrict the user to some specific directory by chroot. So he cannot list or execute any files other than the files under chroot directory.
Best wishes,

Ganesh.
Bill Hassell
Honored Contributor

Re: limitation on users

The chroot environment or the restricted shell environment is quite complex to setup to match what the user needs. As mentioned, a menu script will limit the user to running only what you define. The script will then be used as the user's shell.


Bill Hassell, sysadmin