UNIX for Dummies Questions & Answers

How about if you wrote a script named ps to replace the ps program (which you renamed to, say, ps.bin or something.

Then in the script you say if not xxx user run ps.bin otherwise do nothing or whatever would be better.

Thanx GSalisbury. I am still wondering is there no simple straighforward way to do this.

I am new to UNIX. I am sure there must be a way thru some os permission setting.

I see this is such a basic requirement. WHy would we even need to write a script to do this.

Dont you think the OS should be able to handle this.
Its like in a Database I can easily revoke permissions from a procedure from a specific USER.
Would the OS not have such a provision for a specific user ?

Thanx

Well... not wanting to get drawn into a big debate as others may have more intimate knowledge... but that's pretty much the way it is.

Generally speaking if "it's on the path" and executable to the user than it runs. There is no inherent user/command "matrix".

"nix" provides the flexibility for you to implement the by user controls if you wish a number of different ways.

You could use the rename and intercepting script method.

You could alter the user's path (at login) so they can't see it or what they see is something different and/or in a different place (a variation on the intercepting script method).

As root:

. make a directory:
mkdir -m755 /.bin_trap

. make an empty file named ps in that directory:
cp /dev/null /.bin_trap/ps
or a non-empty file to do whatever is good for you

. make that file executable:
chmod 555 /.bin_trap/ps

Then in the user's login script set the path variable to have your /.bin_trap at the beginning of the list so your ps is found first. The syntax for doing that varies depending upon the shell in use.

Of course, a reasonably astute user would eventually be able to get around that but, perhaps, you're not concerned there.

Geo.

I feel your asking the wrong question....

you are passing a password into a command/script?
then you can see the password in the full commandline using ps -ef

GSalisbury,
Thanx again for your valuable inputs.
I will try the .bin_trap method which you suggested.
I wish unix was a bit flexible.


robsonde,
I hear you but I am asking the apprpriate question. This requirement could be generic for any utility not just ps.
Thanx for your inputs. I agree sometimes we do ask the wrong question to because we think there lies the solution

radoulov post shows how not to place the Oracle username and password on the command line ... which makes it not visible in "ps".

To stop "ps" for a particular user, try alias in their profile. Ensure that root owns the profile to stop the user making changes.

Code:

alias ps='false'

try

Code:

chmod 554 /bin/ps

Provided u have root privledges for this command