
Restricted access

 
Tony500
Advisor


I know that I can restrict a user's access with 'rsh' but that keeps the user from being able to change directories (even to directories created under the user's home directory, apparently). Is there a way to restrict a user to a certain range of directories (including subdirectories of the user's home dir)?
You can usually find me at www.constantreader.net
Pete Randall
Outstanding Contributor

Re: Restricted access

Hi,

You'd have to use permissions I think. Make the user a member of a distinct group and very carefully set group permissions on all the directories you want to exclude him from. Sounds like a lot of trouble to me.

Pete

hari jayaram_1
Frequent Advisor

Re: Restricted access

Hi,

Have you tried using ACL?

Rgds

Hari
hpuxrox
Respected Contributor

Re: Restricted access


Do a chroot on them and they will be restricted to the "root" that you give them.

man chroot
Tony500
Advisor

Re: Restricted access

Wow, that does sound like a lot of trouble! Still, some users are naturally curious and wander into areas they probably shouldn't. There are one or two users on my system who fall into this category. Unfortunately, this is a mission critical machine and I can't allow them to create a disaster while trying to self teach themselves.
Tony500
Advisor

Re: Restricted access

Hari,
I've seen the term ACL mentioned here lately, but I really don't know much about it. What does it do and how do you use it?
Pete Randall
Outstanding Contributor
Solution

Re: Restricted access

Actually, a lot of it should be easy - all you want to do is remove write permissions. For example, nobody but root should be writing in /opt - do a "chmod -R a-w /opt" and they can't mess with it.

Pete

Tony500
Advisor

Re: Restricted access

Thanks Pete, I think that might be my best option. The only thing I worry about is: What about the 'Bang' (:wq!)? Will they still be able to manually edit a file and save it with ":wq!"?
hari jayaram_1
Frequent Advisor

Re: Restricted access

Tony,

Here is a link for acl

http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90693/B2355-90693_top.html&con=/hpux/onlinedocs/B2355-90693/00/00/10-con.html&toc=/hpux/onlinedocs/B2355-90693/00/00/10-toc.html&searchterms=acl&queryid=20020426-132749

ACL is useful if you have JFS. It is also tricky and complicated unless you have a use for it.

Please let me know if you require any further info.

Pete Randall
Outstanding Contributor

Re: Restricted access

Tony,

No, without write permission on either the directory or the file, no one but the owner or root should be able to write to the file, bang or not.

Good luck,

Pete
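
The permission rule discussed in this thread (a non-owner needs write permission on the file or on its directory to change it), as an added example that is not part of the original posts: a shell check that lists what is still group- or world-writable under a tree, before and after "chmod -R a-w". The names writable_entries and demo_tree and the sample tree are constructed for illustration; mktemp -d is assumed to be available for the demo.

```shell
#!/bin/sh
# Added example: list entries under a tree that a non-owner could still change.
# A file can be overwritten if group/other have write permission on it. It can
# also be replaced (removed and recreated, as some editors do on a forced
# write) if group/other have write permission on the directory holding it,
# unless the sticky bit is set on that directory.

# writable_entries DIR  (hypothetical helper name)
# Prints "file <path>" or "dir <path>" for each group- or world-writable entry.
writable_entries() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sed 's/^/file /'
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print | sed 's/^/dir /'
}

# demo_tree: build a constructed sample tree and print its path.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/opt/app/conf" "$t/opt/shared"
    echo "setting=1" > "$t/opt/app/conf/app.cfg"
    echo "notes" > "$t/opt/shared/readme"
    chmod 755 "$t/opt" "$t/opt/app" "$t/opt/app/conf"
    chmod 664 "$t/opt/app/conf/app.cfg"   # group-writable file
    chmod 777 "$t/opt/shared"             # world-writable directory
    chmod 644 "$t/opt/shared/readme"      # not writable itself, but replaceable
    echo "$t"
}

tree=$(demo_tree)
echo "before chmod -R a-w:"
writable_entries "$tree/opt"

chmod -R a-w "$tree/opt"
echo "after chmod -R a-w: $(writable_entries "$tree/opt" | wc -l) writable entries"

# Clean up the constructed tree.
chmod -R u+w "$tree"
rm -rf "$tree"
```

Run against a real tree, any line the function prints is a place where the "chmod -R a-w" approach has not yet taken effect or has been undone.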