- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: restricting access
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-03-2010 11:39 PM
тАО01-03-2010 11:39 PM
I would like to know what is to be done to restrict users to acess some commands like rm,del etc??ie I want all these commands to be used by root only.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-04-2010 01:20 AM
тАО01-04-2010 01:20 AM
Re: restricting access
could you please explain me, why you need to make it ??? i think this are standard commands in Unix enviroment, and if you are scared, that the user will delete some system files, you should make some restriction on User permition, normal user can't delete files thats not owned.
mikap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-04-2010 01:54 AM
тАО01-04-2010 01:54 AM
Re: restricting access
If the commands you want to restrict are shell's internal commands, you need to change the user's shell to a special restricted version (rsh). "man sh-posix" has instructions for setting up the rsh environment: you will need to configure everything that the user is *allowed* to do.
With rsh, you must be careful to not allow the use of any tool that includes the ability to run unrestricted shell commands.
If the commands you want to restrict are available only as separate binaries (e.g. in /usr/bin), you can change their permissions to remove the execute permission from normal users. You might also want to create a group for users that *are* allowed to execute such commands, and make those commands executable by that group only.
Making basic file manipulation commands like "rm" unavailable to regular command line users is usually futile: there are many other ways to delete a file. For example, move another file to overwrite the target file, then move it back. Or if they have access to a C compiler, they could easily build their own rm command.
Your users might learn tricks like that, or they might simply dump all their work on the restricted system to the system administrator (you) because they will really hate reporting every filename mistake to someone else to be fixed. Or they might request root access to the system "because nothing can be done without it": if they can get a boss to approve that, your work to secure the system will become worthless.
What's the actual problem you're trying to solve by restricting access to some basic commands?
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2010 07:22 AM
тАО01-05-2010 07:22 AM
SolutionUnix operates with beer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2010 08:04 AM
тАО01-05-2010 08:04 AM
Re: restricting access
A better question might be why do you think you need to do so? It's usually futile, and if you actually manage to do so, you end up having to manage there home directories as well (since they can't clean it up either)
permissions, when appropriately set, should be sufficient
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2010 10:35 PM
тАО01-05-2010 10:35 PM
Re: restricting access
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2010 10:51 PM
тАО01-05-2010 10:51 PM
Re: restricting access
Why dont you try to first find out yourself on the internet or the man pages. I can see whatever doubt you have, you just post here.
Please first try yourelf. There are lots of other forums like this already posted or also there are so many docs available in HP for this. Asking doubts and doubts and doubts only is not the purpose here. I hope you understand this.
People spare their valuable time from their daily routine job to look into this forum to help others. So, please come up with the doubts if you have not found it anywhere else.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-06-2010 05:32 AM
тАО01-06-2010 05:32 AM
Re: restricting access
yep, in theory, there's a way:
# ll /usr/bin/rm
-r-xr-xr-x 2 bin bin 28672 Sep 7 2007 /usr/bin/rm
remove the execute flag for group and others:
# chmod g-x /usr/bin/rm
# chmod o-x /usr/bin/rm
But: DON'T TRY THIS AT HOME!!!
Unix operates with beer.