limitation on users

SOLVED
CowBoy
Regular Advisor

limitation on users

Dear All
I created a user and I don't want him to execute any executable files like "gpm,sar,..."
5 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: limitation on users

Hi:

What you don't offer is what you _do_ want the user to execute.

You could limit the user to a specific menu-based script that you develop that encompasses the functions you do want to allow.

You could create a 'chroot'd environment in which you place only the executables you want to be used.

Regards!

...JRF...
Steven E. Protter
Exalted Contributor
Solution

Re: limitation on users

Shalom,

Change the rights on these binaries to o-x

chmod o-x

Set the user in a group that is not common with these utilities.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
UVK
Trusted Contributor

Re: limitation on users

Though SEP's solution is a possibility, I don't think you would like to remove execute permission on binaries for others. Create a chroot environment in which you can limit user access.
-------------------------------------------
Like it or worked !! Click kudos !!
Ganesan R
Honored Contributor

Re: limitation on users

Hi,

Unix permissions are not user specific. They are based on owner/group/others. You can restrict only based on this architecture.

You can use setacl to give special privilege to specific users.

So the best way is, restrict the user to some specific directory by chroot. So he cannot list or execute any files other than the files under chroot directory.
Best wishes,

Ganesh.
Bill Hassell
Honored Contributor

Re: limitation on users

The chroot environment or the restricted shell environment is quite complex to set up to match what the user needs. As mentioned, a menu script will limit the user to running only what you define. The script will then be used as the user's shell.


Bill Hassell, sysadmin
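
Added example, not part of the thread and not any poster's code: a sketch of the menu script suggested in the replies above, meant to be installed as the user's login shell. The three permitted commands and their paths are assumptions, since the thread never says what the user should be allowed to run.

```shell
#!/bin/sh
# Menu shell (added example). The allowed commands below are assumptions.
# Choose only programs with no shell escape (no editors, pagers or mail
# clients), otherwise the user can leave the menu from inside them.

PATH=/usr/bin:/bin; export PATH   # fixed PATH, nothing taken from the user
trap '' INT QUIT TSTP             # keyboard signals must not interrupt the menu

# Map a menu choice to one fixed absolute path. Input is only compared
# against literals; it is never passed to eval, sh -c or used as a path.
resolve_choice() {
    case "$1" in
        1) echo "/usr/bin/date" ;;
        2) echo "/usr/bin/uptime" ;;
        3) echo "/usr/bin/who" ;;
        *) return 1 ;;            # everything else is refused
    esac
}

menu_loop() {
    while :; do
        printf '\n1) date\n2) uptime\n3) who\nq) quit\nChoice: '
        read -r choice || return 0          # EOF ends the session
        [ "$choice" = q ] && return 0
        if cmd=$(resolve_choice "$choice"); then
            "$cmd" </dev/null               # run with no stdin attached
        else
            echo "Not permitted."
        fi
    done
}

# Start the menu only on a terminal. Arguments are ignored on purpose:
# remote logins may start the shell as "<shell> -c <command>", and that
# command must never be executed.
if [ -t 0 ] && [ -t 1 ]; then
    menu_loop
    exit 0
fi
```

Because the script is the login shell, leaving the menu ends the session instead of dropping to a prompt. Keep the script owned by root and not writable by the restricted user.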