Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: need to restrict program exec and running
Top Forums UNIX for Dummies Questions & Answers need to restrict program exec and running Post 28202 by hachik on Sunday 15th of September 2002 08:10:57 AM
Old 09-15-2002
need to restrict program exec and running
I'm on Freebsd 4.5 stable, havin question of that kind:
I need to restrict programs running, like BitchX for example, which can be dowlnoaded by logged on user, and i cant set permissions to all users to prevent that program from executing. And ipfw doesnt help me because of i need to allow that user connect those ports. Any suggestions ? thx.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Running a program automatically

How can I make a program run automatically at a certain time of day? My problem is I need to make a small backup program that will back up a few files every day? (3 Replies)
Discussion started by: jvadn0
3 Replies

2. UNIX for Dummies Questions & Answers

Running a program

Hi.Iam new to Linux.i got linux 7.0 pro and dont know how to run programs. I want a perl interputer and i know i installed one but how do i run it ??? Also how do i run a C or C++ editor ?and how do i run cron ? (3 Replies)
Discussion started by: perleo
3 Replies

3. UNIX for Dummies Questions & Answers

How to run two commands from a exec call in a c program

Hi, I have to run two commands one after another from a c program. How can i do this with exec system calls. i tried giving them as argument to execv but it is not working.please help thanks (3 Replies)
Discussion started by: suryashikha
3 Replies

4. Shell Programming and Scripting

Help with Running More than One Program

Folks, I'm really new to scripting and was wondering if you could help me out. I have the following script that I inherited: #!/bin/bash # # Usage # From the agent directory: # ./run-any-agent AgentName # TAC_AGENT_HOME=`pwd` LIB=${TAC_AGENT_HOME}/lib CLASSPATH=.... (17 Replies)
Discussion started by: DTriniWay
17 Replies

5. Programming

How forbid use fork() in exec() program.

Hello World! I am writing code in C++ which have to launch another application X using exec(). I would like to set some limits on it using setrlimit etc... My problem is that i don't know how to forbid using fork() and strlimit by application X. How can i do it? (3 Replies)
Discussion started by: kzi
3 Replies

6. Shell Programming and Scripting

How to restrict running one instance of scp at any time in fsniper

How to restrict running one instance of scp at any time? (2 Replies)
Discussion started by: proactiveaditya
2 Replies

7. Shell Programming and Scripting

How to restrict root user from running some commands

is it possible that we can restrict the root user if he runs some commands?? e.g i want if root runs command 'rm etc/passwd', he shoudn't be able to run command and throws error :confused: (3 Replies)
Discussion started by: sheelsadan
3 Replies

8. Shell Programming and Scripting

Script Variables Inquiry, Values Okay in Standalone Exec, No-Show in Cron Exec

I have the following bash script lines in a file named test.sh. #!/bin/bash # # Write Date to cron.log # echo "Begin SSI Load $(date +%d%b%y_%T)" # # Get the latest rates file for processing. # d=$(ls -tr /rms/data/ssi | grep -v "processed" | tail -n 1) filename=$d export filename... (3 Replies)
Discussion started by: ginowms
3 Replies

9. UNIX for Dummies Questions & Answers

How to restrict the execution of same script if it is running already in nohup?

Hi, How can i restrict the execution of same script if it is running already in nohup Thanks (1 Reply)
Discussion started by: ranabhavish
1 Replies

10. Programming

Simple shell running with exec family

# Erroneous question, so can be removed. (0 Replies)
Discussion started by: beginnerboy
0 Replies

LEARN ABOUT FREEBSD

smrsh

SMRSH(8)						      System Manager's Manual							  SMRSH(8)

NAME

       smrsh - restricted shell for sendmail

SYNOPSIS

       smrsh -c command

DESCRIPTION

       The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files.  It sharply limits
       the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system.   Briefly,
       even  if  a  ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs
       that he or she can execute.

       Briefly, smrsh limits programs to be in a single directory, by default /usr/libexec/sm.bin, allowing the system administrator to choose the
       set  of	acceptable  commands,  and  to the shell builtin commands ``exec'', ``exit'', and ``echo''.  It also rejects any commands with the
       characters ``', `<', `>', `;', `$', `(', `)', `
' (carriage return), or `
' (newline) on the command line to prevent ``end run'' attacks.
       It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''

       Initial	pathnames  on programs are stripped, so forwarding to ``/usr/bin/vacation'', ``/home/server/mydir/bin/vacation'', and ``vacation''
       all actually forward to ``/usr/libexec/sm.bin/vacation''.

       System administrators should be conservative about populating the sm.bin directory.  For example, a reasonable  additions  is  vacation(1),
       and  the  like.	No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the sm.bin direc-
       tory.  Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the ``#!'' syntax); it simply  dis-
       allows  execution  of  arbitrary  programs.   Also,  including mail filtering programs such as procmail(1) is a very bad idea.  procmail(1)
       allows users to run arbitrary programs in their procmailrc(5).

COMPILATION

       Compilation should be trivial on most systems.  You may need to use -DSMRSH_PATH="path" to adjust the default search  path  (defaults	to
       ``/bin:/usr/bin'') and/or -DSMRSH_CMDDIR="dir" to change the default program directory (defaults to ``/usr/libexec/sm.bin'').

FILES

       /usr/adm/sm.bin - default directory for restricted programs on most OSs

       /var/adm/sm.bin - directory for restricted programs on HP UX and Solaris

       /usr/libexec/sm.bin - directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD

SEE ALSO

       sendmail(8)

							   $Date: 2013-11-22 20:52:00 $ 						  SMRSH(8)
All times are GMT -4. The time now is 08:41 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy