HPE Community
Operating System - HP-UX
1837903 Members
3248 Online
110124 Solutions
New Discussion

How to disable chmod/chown

 
Satish Y
Trusted Contributor

‎07-15-2001 03:42 AM

‎07-15-2001 03:42 AM

How to disable chmod/chown

Hi,

In HP-UX by default any user can do chmod/chown on his own files. Is there any way to restrict the user, so he cannot do chmod/chown on his own files also?.

Cheers...
Satish.
Difference between good and the best is only a little effort
0 Kudos
Reply
3 REPLIES 3
Juha Eklund
Occasional Advisor

‎07-15-2001 07:49 AM

‎07-15-2001 07:49 AM

Re: How to disable chmod/chown

Hi,
I dont think so because normal user can chance only hir/her own files and taking possibility do so there arent any possibilities left ?!?! Of course You can make a wrapper ( in shell/perl/C/ whateverhis) where You can make more restrictions than the normal command ..

Can You tell more what You have in mind ..

-- Juha --

-- hopefully lost in kernel-space --
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎07-15-2001 07:51 AM

‎07-15-2001 07:51 AM

Re: How to disable chmod/chown

Hi:

A "brutal" approach would be to setup the user as one with a restricted shell and place the commands you want him/her to have in /usr/rbin. See the man pages for 'sh-posix'.

Remember, that files are created without their executable bit set. Thus without the ability to 'chmod' a file, your hypothetical user could never create and then execute a script.

Perhaps this is your goal. If so, I would consider creating a menu-based script which would substitute for a shell in the first place. If you specify your menu script in lieu of the shell in the shell field of /etc/passwd, then your menu will automatically run at login; and unless you provide a specify "shell-out" command, the user will be unable to exit to a shell.

Regards!

...JRF...
0 Kudos
Reply
eran maor
Honored Contributor

‎07-15-2001 07:56 AM

‎07-15-2001 07:56 AM

Re: How to disable chmod/chown

Hi

i will try to use the restrict shell for this users .

and toy can also try to use sudo ( but i didnt ever use it ) to try to restrict the user from using command .

you can download it from and see sone info

giving you the web site

http://www.courtesan.com/sudo/man/sudo.html

http://www.rge.com/pub/admin/sudo/ - also to download other version

http://www.nscp.umd.edu/sudo.html - commands

http://www.komar.org/komar/alek/pres/sudo/
love computers
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.