HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Showing results for 
Search instead for 
Did you mean: 

limitation on users

Go to solution
Regular Advisor

limitation on users

Dear All
I created a user and i dont want him to xecute any executable files like "gpm,sar,..."
James R. Ferguson
Acclaimed Contributor

Re: limitation on users


What you don't offer is what you _do_ want the user to execute.

You could limit the user to a specific menu-based script that you develop that encompasses the functions you do what to allow.

You could create a 'chroot'd environment in which you place only the executables you want to be used.


Steven E. Protter
Exalted Contributor

Re: limitation on users


Change the rights on these binaries to o-x

chmod o-x

Set the user in a group that is not common with these utilities.

Steven E Protter
Owner of ISN Corporation
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Trusted Contributor

Re: limitation on users

Though SEP solution is a possibility, I dont think you would like to remove excute permission on binaries for others. create a chroot environment in which you can limit user access.
Like it or worked !! Click kudos !!
Ganesan R
Honored Contributor

Re: limitation on users


Unix permissions are not user specific. It is based on owner/group/others. You can restrict only based on this architecture.

You can use setacl to give special privilage to specific users.

So the best way is, restrict the user to some specific directory by chroot. So he cannot list or execute any files other than the files under chroot directory.
Best wishes,

Bill Hassell
Honored Contributor

Re: limitation on users

The chroot environment or the restricted shell environment is quite complex to setup to match what the user needs. As mentioned, a menu script will limit the user to running only what you define. The script will then be used as the user's shell.

Bill Hassell, sysadmin