|
google site
|
|||||||
| Forums | Register | Blog | Man Pages | Forum Rules | Links | Albums | FAQ | Users | Calendar | Search | Today's Posts | Mark Forums Read |
|
|
| UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !! |
 |
Powered by 
|
|
|
Thread Tools | Search this Thread | Display Modes |
|
#1
06-06-2006
|
|||
|
|||
|
Creating subusers & assigning limited rights
Hi all,
I need to create 2 users sde1 & sde2 with limited authority(only for read). I know the root password.Pls tell me step by step procedure how to create these subusers to root. the commands which these subusers can run are : 1)#df -k 2)#ps -ef|grep syb 3)#ps -ef|grep omc 4)ps -eofname,pcpu,comm|sort -k 2n -Sandy |
| Sponsored Links | ||
|
|
|
#2
06-06-2006
|
||||
|
||||
|
I think what you want is a procedure to configure a chroot jail for those users, don't you?... That's not a trivial procedure. There a re lots of docs on that, just go to google
 |
|
#3
06-06-2006
|
|||
|
|||
|
Quote:
Quote:
Quote:
If you have bash, you can put their login shell into restricted mode, which would prevent them from doing...nearly anything. A chroot jail would be a more ironclad solution, but the bash one is very simple... The way I went about this was:
Code:
PATH=/opt/lubin exec /bin/bash --noprofile -r Code:
mecgentoo ~ # chmod 444 /home/limiteduser/.bash_profile /home/limiteduser/.bashrc /home/limiteduser/.bash_logout mecgentoo ~ # chown root:root /home/limiteduser/.bash_profile /home/limiteduser/.bashrc /home/limiteduser/.bash_logout mecgentoo ~ # ls -l /home/limiteduser/.bash_profile -r--r--r-- 1 root root 242 Jun 6 08:47 /home/limiteduser/.bash_profile mecgentoo ~ # chown root:root /home/limiteduser mecgentoo ~ # chmod 555 /home/limiteduser mecgentoo ~ # ls -ld /home/limiteduser dr-xr-xr-x 2 root root 4096 Jun 6 08:47 /home/limiteduser/.bashrc mecgentoo ~ # Code:
mecgentoo ~ # su - limiteduser
limiteduser@mecgentoo ~ $ ls
bash: ls: command not found
limiteduser@mecgentoo ~ $ df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda2 19236340 7741408 10517780 43% /
udev 257720 416 257304 1% /dev
/dev/hda4 272267008 101397300 170869708 38% /opt
/usr/share/images/squid-cache.ext2
2064208 16700 2047508 1% /var/cache/squid
shm 257720 0 257720 0% /dev/shm
limiteduser@mecgentoo ~ $ ps -ef|grep syb
1007 10474 10463 0 08:53 pts/0 00:00:00 grep syb
limiteduser@mecgentoo ~ $ ps -eofname,pcpu,comm|sort -k 2n
COMMAND %CPU COMMAND
acpid 0.0 acpid
agetty 0.0 agetty
agetty 0.0 agetty
...
limiteduser@mecgentoo ~ $ exit
exit
mecgentoo ~ #edit -- do NOT include bash in /opt/lubin, that's a security hole! Last edited by Corona688; 06-06-2006 at 11:21 AM.. Reason: continuing improvements |
|
#4
06-06-2006
|
||||
|
||||
|
Well, a restricted shell is a much easyer solution... It just depends on the limits you want for those users...
On a restricted shell you sould be careful with the PATH variable and the user's profile files. Regards. |
|
#5
06-06-2006
|
|||
|
|||
|
Quote:
|
| Sponsored Links | ||
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| user with limited privileges | Juha | Solaris | 1 | 03-17-2008 02:02 AM |
| FTP rights | Burhan | Solaris | 2 | 03-15-2007 06:22 AM |
| Unix access rights | rudo | UNIX for Dummies Questions & Answers | 1 | 02-26-2007 05:40 PM |
| User rights | sharmavr | HP-UX | 1 | 07-25-2006 03:16 AM |
| Groups Rights | niasdad | UNIX Desktop for Dummies Questions & Answers | 3 | 07-16-2002 09:01 AM |
Linear Mode
