Full Discussion: user with limited privileges
Operating Systems Solaris user with limited privileges Post 302175974 by cmr164 on Monday 17th of March 2008 03:02:09 AM
Restricted Shell

Quote:
Originally Posted by Juha
Hi,
Is it possible to create a user that would have access only to a defined list of files? I would like to create a user that can access a set of files that are located behind different paths. This user should not have access to anything other than these files.
OS is Solaris 10.
Thanks!

You might try having the user login shell set to /usr/lib/rsh. This will restrict him to his home directory and limit his $PATH to whatever you set it to be.

From the Docs
Assigning a Restricted Shell

The standard shell allows a user to open files, execute commands, and so on. The restricted shell is invoked with the /usr/lib/rsh command. The restricted shell can be used to limit the ability of a user to change directories and to execute commands. Note that the restricted shell is not the remote shell, which is /usr/sbin/rsh. The restricted shell differs from the standard shell in the following ways:

* The user is limited to the user's home directory, so the user cannot use the cd command to change directories. Therefore, the user cannot browse system files.
* The user cannot change the PATH variable, so the user can use only commands in the PATH set by the system administrator. The user also cannot execute commands or scripts by using a complete path name.
* The user cannot redirect output with > or >>.

The restricted shell enables you to limit a user's ability to stray into the system files. The shell creates a limited environment for a user who needs to perform specific tasks. The restricted shell is not completely secure, however, and is only intended to keep unskilled users from inadvertently doing damage.
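
An added example, not part of the post above or of the Solaris documentation it quotes: a POSIX sh function that audits a restricted-shell account against the points in that excerpt. The account name report1, the paths and the passwd line are constructed; the ownership check relies on the sh(1) behaviour that the restrictions take effect only after .profile has been read, so a user who owns .profile can replace the PATH set for them.

```shell
#!/bin/sh
# Added example: audit one restricted-shell account. All sample data is constructed.
# Usage: audit_rsh_account '<passwd line>' [root-prefix]; returns the finding count.
audit_rsh_account() {
    entry=$1 prefix=${2:-} findings=0
    user=$(printf '%s\n' "$entry" | cut -d: -f1)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    profile=$prefix$home/.profile
    note() { echo "$user: $1"; findings=$((findings + 1)); }

    # /usr/lib/rsh is the restricted shell; /usr/sbin/rsh is the remote shell.
    [ "$shell" = /usr/lib/rsh ] || note "login shell is $shell, not /usr/lib/rsh"

    # Home directory and .profile must belong to the administrator,
    # otherwise the user can replace the PATH that was set for them.
    for f in "$prefix$home" "$profile"; do
        [ -e "$f" ] || { note "$f is missing"; continue; }
        owner=$(ls -ld "$f" | awk '{print $3}')
        [ "$owner" != "$user" ] || note "$f is owned by the restricted user"
    done

    # PATH should name only dedicated directories of approved commands.
    path=$(sed -n 's/^PATH=\([^; ]*\).*/\1/p' "$profile" 2>/dev/null | tail -1)
    [ -n "$path" ] || note "no PATH assignment in .profile"
    old_ifs=$IFS; IFS=:
    for dir in $path; do
        case $dir in
            ''|.|/bin|/sbin|/usr/bin|/usr/sbin|/usr/ucb)
                note "PATH entry '$dir' exposes general system commands" ;;
            /*) : ;;
            *)  note "PATH entry '$dir' is not an absolute path" ;;
        esac
    done
    IFS=$old_ifs
    return "$findings"
}

# Constructed demo: one sample entry checked against a scratch directory tree.
demo=$(mktemp -d) && mkdir -p "$demo/export/home/report1"
printf 'PATH=/usr/bin:/export/home/report1/bin\n' > "$demo/export/home/report1/.profile"
audit_rsh_account 'report1:x:2001:100::/export/home/report1:/usr/lib/rsh' "$demo" || echo "findings: $?"
rm -rf "$demo"
```

On a live system, pass each line of /etc/passwd whose account is meant to be restricted and leave the prefix argument empty.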
 
