
User account restriction

 
Achilles_2
Regular Advisor

User account restriction

I am going to set up a platform for training, so I need to create a user who is not allowed to access other users (e.g. root) and commands. However, they could use the cd command to go to the upper level.
Do any experts know how to set up a user account that restricts the user to particular commands (e.g. ftp, cd)?
RAC_1
Honored Contributor

Re: User account restriction

Assign rsh (restricted shell) to user. man rsh for details.
There is no substitute to HARDWORK
Raj D.
Honored Contributor

Re: User account restriction

Achilles,
Anyway, you can set up ordinary users, and they cannot access the root-equivalent commands like ioscan, vgcreate, lvcreate, shutdown, etc. Also, you can use sudo.

If you use rsh you cannot do 'cd' etc.



You can check this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1005655&admit=-682735245+1151039976246+28353475


Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Achilles_2
Regular Advisor

Re: User account restriction

The rsh command means the user cannot use cd to change the directory, but my question is about users who cannot go to the upper level but can change to their child directories. Does anyone have an idea?
Victor BERRIDGE
Honored Contributor

Re: User account restriction

Hi,

I suppose your best bet would be a chroot containing a /usr/bin with the commands your users can use (do a man chroot)...

All the best
Victor
Achilles_2
Regular Advisor

Re: User account restriction

Victor,

First, thanks for your help. Can you explain in detail how to set up a chroot user environment?
Victor BERRIDGE
Honored Contributor

Re: User account restriction

Hi again,
Since we don't know what your true needs are, it's difficult to answer...
http://www.tjw.org/chroot-login-HOWTO/
http://www.kegel.com/crosstool/current/doc/chroot-login-howto.html

These two docs should help you understand how to create and what is to be done to meet your expectations.

I did one 2 years ago on Solaris systems where the goal was to be able to see almost everything as if you were actually on the hosts...
The reason was that a whole bunch of stations for conference purposes were connected directly to the internet...


All the best
Victor
Steven E. Protter
Exalted Contributor

Re: User account restriction

Shalom Achilles,

Based on your requirements, if you want to restrict cd up towards root, you must chroot the user and provide the binary commands it needs inside the chroot jail.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
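
The jail-population step that the chroot replies describe, as an added example that is not from any poster in this thread: it copies an allow-list of binaries plus the shared libraries `ldd` reports into a jail directory, then lists jail directories that group or other can write to. Function names and the jail layout are hypothetical, and a Linux-style `ldd` is assumed.

```shell
#!/bin/sh
# Added example: populate a chroot jail with an allow-list of commands.
# Function names and jail layout are hypothetical. Assumes an ldd that prints
# absolute library paths (Linux style); on HP-UX, check ldd/chatr output first.

# Print the absolute paths of the shared libraries a binary loads.
jail_libs() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | sort -u
}

# Copy one file into the jail under the same absolute path.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -pf "$2" "$1$2"
}

# build_jail JAIL /abs/cmd...  (subshell body keeps umask and variables local)
build_jail() (
    umask 022
    jail=$1; shift
    mkdir -p "$jail" || exit 1
    for bin in "$@"; do
        case $bin in
            /*) [ -x "$bin" ] || { echo "not executable: $bin" >&2; exit 1; } ;;
            *)  echo "need absolute path: $bin" >&2; exit 1 ;;
        esac
        jail_copy "$jail" "$bin" || exit 1
        for lib in $(jail_libs "$bin"); do
            jail_copy "$jail" "$lib" || exit 1
        done
    done
)

# List jail directories writable by group or other. A jailed user who can
# write to these can replace the binaries the jail depends on.
jail_writable_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \)
}
```

Entering the jail (`chroot JAIL /bin/sh`) needs root and is left out here; the jail tree should be owned by root before any user is placed in it.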