Operating System - HP-UX

Restriction of Particular Commands

 
Karthikeyan_5
Frequent Advisor

Restriction of Particular Commands

How to restrict particular commands, say rm, ls, mkdir, etc., corresponding to the users?
James R. Ferguson
Acclaimed Contributor

Re: Restriction of Particular Commands

Hi:

You should utilize a "restricted shell". Look at the 'sh_posix' man pages for more information.

Essentially you create a directory called '/usr/rbin' and copy into it the commands the user is allowed to execute. Make sure to add this directory to the user's PATH.

The biggest drawback to this mechanism is that file output redirection is prohibited.

Regards!

...JRF...
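
One way to build and check the restricted-command directory described in the reply above, as an added example that is not part of any post in this thread. It goes one step beyond the reply by auditing the result; it works on a scratch directory rather than '/usr/rbin', and `SRC_DIRS`, the `DENY` list and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: populate a restricted-command directory
# from an allow-list, then audit it. SRC_DIRS and DENY are assumptions.
SRC_DIRS=${SRC_DIRS:-/usr/bin /bin}   # where the real commands are looked up
# Constructed, non-exhaustive list of programs that can start a shell or run
# other programs; any of these in the directory defeats the restriction.
DENY="sh ksh csh bash rsh rksh vi ex ed more less awk find env perl"

is_denied() { case " $DENY " in (*" $1 "*) return 0 ;; esac; return 1; }

# build_rbin DIR CMD...: copy each allowed command into DIR, read/execute only.
build_rbin() {
    dir=$1; shift
    mkdir -p "$dir" && chmod 755 "$dir" || return 1
    for cmd in "$@"; do
        if is_denied "$cmd"; then echo "refused: $cmd" >&2; continue; fi
        src=
        for d in $SRC_DIRS; do
            if [ -x "$d/$cmd" ]; then src=$d/$cmd; break; fi
        done
        if [ -z "$src" ]; then echo "missing: $cmd" >&2; continue; fi
        cp -f "$src" "$dir/$cmd" && chmod 555 "$dir/$cmd" || return 1
    done
    return 0
}

# scan_rbin DIR: print one line per weakness found in DIR.
scan_rbin() {
    # Anything writable by group or other lets a user add or replace commands.
    find "$1" \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/writable by group or other: /'
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        if is_denied "${f##*/}"; then echo "can start a shell: $f"; fi
    done
}

# audit_rbin DIR: print the findings; return 0 if clean, 1 otherwise.
audit_rbin() {
    report=$(scan_rbin "$1")
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Demo on a scratch directory (the real target would be /usr/rbin, as root):
# vi is refused at build time, so the audit comes back clean.
demo=${TMPDIR:-/tmp}/rbin-demo.$$
build_rbin "$demo" ls cat vi && audit_rbin "$demo" && echo "clean: $demo"
rm -rf "$demo"
```

Run the audit again whenever the allow-list changes; a directory that passes still depends on the user's PATH and login shell being set as the reply describes.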
Dario_1
Trusted Contributor

Re: Restriction of Particular Commands

Paul Sperry
Honored Contributor

Re: Restriction of Particular Commands

I do this by putting aliases in their .profile/.logins.

alias rm='cat /dev/null'
alias ls='cat /dev/null'

That way when they try using the command nothing happens :)
James R. Ferguson
Acclaimed Contributor

Re: Restriction of Particular Commands

Hi (again):

As an additional, general note, you should set the sticky bit on shared directories. This restricts deletion of files in the directory to only the owner. For example:

# chmod 1777 /tmp

...which will appear as:

drwxrwxrwt

Regards!

...JRF...
Geoff Wild
Honored Contributor

Re: Restriction of Particular Commands

How about chmod 550 the commands...

Restricted shell is a better way to go....if you are worried about users - then why do they have access at all?

IMHO - Just make sure your system is hardened so that they can only damage their own files....they should have the ability to delete files they create - else they will call you all the time - and you don't really want that now do you? :)

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.