HPE Community
Operating System - HP-UX
1844009 Members
2532 Online
110226 Solutions
New Discussion

Preventing user to delete file

 
SOLVED
Go to solution
Ammar_4
Frequent Advisor

‎08-18-2005 11:34 AM

‎08-18-2005 11:34 AM

Preventing user to delete file

How can we prevent any user from deleting the file so that he couldn't delete any file
0 Kudos
7 REPLIES 7
Rajeev Shukla
Honored Contributor

‎08-18-2005 12:33 PM

‎08-18-2005 12:33 PM

Re: Preventing user to delete file

You have to be really carefull with the file permission, specially the important files you dont want to get deleted.
But you cant really get away with the files he owns. The files he owns, he can delete,modify etc.. but with the other files and directories make sure that they are not world writeable, avoid 777 permissions.
Run to find commands to see the security holes in system like find -mode
Enable ACL support if you like to give more deep control over the permissions of files.
0 Kudos
morganelan
Trusted Contributor

‎08-18-2005 12:51 PM

‎08-18-2005 12:51 PM

Solution

Re: Preventing user to delete file

I think you must do :
1.Backup all your file systems such as OS, user data, database, and application file.
2.Disable rm command for certain user
Kamal Mirdad
0 Kudos
morganelan
Trusted Contributor

‎08-18-2005 01:05 PM

‎08-18-2005 01:05 PM

Re: Preventing user to delete file

I Think you need rksh as users default shell. Please see man rksh for more detail.
Users then can not

Change directory
Set value of SHELL, ENV, or PATH
Specify path or command names containing /
Redirect output (>, >|, <>, and >>)"

1)Create user accounts, you can use sam() or command useradd.
Assign users restricted shell
2)To restrict available command(s),

2a) Create a directory /usr/rbin and copy Copy (or symbolic link) commands you want to give access to, e.g. date,ls,pwd,banner
etc.
2b)Create users .profile file in home directory with the PATH variable:
export PATH=/usr/rbin
2c)Ensure the user owns his .profile file in
the home directory.

Test it. After you create these accounts, login as restricted user and command access will be limited to /usr/rbin.
Plus the standard rsh restrictions also apply.
Kamal Mirdad
0 Kudos
Ammar_4
Frequent Advisor

‎08-18-2005 01:27 PM

‎08-18-2005 01:27 PM

Re: Preventing user to delete file

how can i disable rm command for specific user
0 Kudos
morganelan
Trusted Contributor

‎08-18-2005 01:40 PM

‎08-18-2005 01:40 PM

Re: Preventing user to delete file

Put in user's .profile file this entry:

alias rm = '/sbin/rrr.sh'

because rrr.sh does not exist on the system so user can not use it
Kamal Mirdad
0 Kudos
Bill Hassell
Honored Contributor

‎08-18-2005 01:41 PM

‎08-18-2005 01:41 PM

Re: Preventing user to delete file

You can always alias the rm command to do nothing, or to report to the user that rm is forbidden. But it sounds like this, or perhaps several users should not be allowed access to the system, or not be allowed shell access. The best solution is to create a menu script that provides only the required commands and nothing else. I am assuming that the problem users do not have root access. If they do, install sudo immediately and never give out the root password. And make sure that the sudoers file restricts allowable commands.


Bill Hassell, sysadmin
0 Kudos
Ammar_4
Frequent Advisor

‎08-18-2005 01:48 PM

‎08-18-2005 01:48 PM

Re: Preventing user to delete file

thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.