- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- how to limit commands and execution of
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2003 02:24 PM
02-20-2003 02:24 PM
Working with HPUX 11.00 systems - mostly L class systems.
Got a request to limit an acct. I can limit the acct from roaming by using the rsh as the shell but additional to the request is to limit the commands to only telnet & ftp and to limit these 2 commands to only a specific host. Example, acctA has login access only to systemA (using the rsh to restrict their movements). Once on systemA they can only telnet/ftp to systemB - they can NOT do this to systemC, systemD, systemN,...
Can I setup this type of security? How?
Many thanks!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2003 02:54 PM
02-20-2003 02:54 PM
Re: how to limit commands and execution of
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2003 02:56 PM
02-20-2003 02:56 PM
SolutionYes. The trick is in setting the PATH. Once you created the user with restricted shell, edit his/her .profile and delete all other paths and add only PATH=/usr/rbin
In /usr/rbin, create a script call systemB. systemB contains nothing but "/usr/bin/telnet systemB"
If you want him to access other commands, you can simply copy them from /usr/bin into this directory.
He will not be able to execute anything other than in /usr/rbin directory.
-Sri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2003 02:56 PM
02-20-2003 02:56 PM
Re: how to limit commands and execution of
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2003 03:05 PM
02-20-2003 03:05 PM
Re: how to limit commands and execution of
If you wanted to make changes to your system and create /usr/rbin etc this would be a reasonable choice. I would look seriously at using 'sudo' only as then you are then only making changes to one file and of course everthing can be logged as well. If your looking at it from a security perspective, you can keep a big brother look at what the user is doing and when.
Cheers
Michael.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2003 03:22 PM
02-20-2003 03:22 PM
Re: how to limit commands and execution of
telnet other systems from there. He still would not be able to get out of his box on the original host but all others would be available to him.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2003 06:10 PM
02-20-2003 06:10 PM
Re: how to limit commands and execution of
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2003 07:30 AM
02-21-2003 07:30 AM
Re: how to limit commands and execution of
Many thanks for the input. Long story short, the PATH, rsh, and sudo are working together. There is some setup involved but for the meantime it appears to be functioning as intended.
Also, if they get to systemB and can go anywhere else, that is the job of the administrators on systemB since I do not have admin rights on systemB. (systemB is actually a system in PA). But if they come back to systemA I am only allowing them to access systemB.
Once on systemB I cannot control where they go to or what they do. They have a separate login account over there with a separate group of admins and a whole different set of rules to follow.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2003 11:24 AM
02-21-2003 11:24 AM