09-12-2009
how can i restrict commands
hi all,
i want to restrict commands to run from a specifc directory..and to make that only some specific commands to run ,,not all.
please help me ...how can i make this happen.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi,
I guess by default SED looks for any occurences anywhere in the file or text. Is it possible to restrict the search to replace only for the complete pattern .
I have data file like
record 1->"abc abc123"
record 2->"123 aaaaa"
record 3->"./abc acacac"
i have a replace file
... (7 Replies)
Discussion started by: braindrain
7 Replies
2. Solaris
Hi all,
How to restrict the perticular commands to users(or perticular users) in
solaris10?
Could you please assist me the precedure for above issue.
Thanks & Regards
krishna (0 Replies)
Discussion started by: krishna176
0 Replies
3. Shell Programming and Scripting
Hi all,
Is there a way to prevent users from being able to execute commands less a select few? For instance, I wish to allow the user to be only able to execute 1 command, which is exec a.sh. He should not be able to do simple stuff such as ls, cd, rm, cat, etc.
Can this be achieved?
... (1 Reply)
Discussion started by: rockysfr
1 Replies
4. Solaris
Dears,
how to determine the commands that could be used by certain user..like I want to prevent some users from running pwd command????
Thanx (4 Replies)
Discussion started by: mm00123
4 Replies
5. Shell Programming and Scripting
I want to log into a remote server transfer over a new config and then backup the existing config, replace with the new config.
I am not sure if I can do this with BASH scripting.
I have set up password less login by adding my public key to authorized_keys file, it works.
I am a little... (1 Reply)
Discussion started by: bash_in_my_head
1 Replies
6. Shell Programming and Scripting
Hi,
How can i restrict use of USB in redhat. & also is it possible to allow USB devices for only specific devices or only few known penDrives......?
Thank you (4 Replies)
Discussion started by: shivarajM
4 Replies
7. Shell Programming and Scripting
is it possible that we can restrict the root user if he runs some commands?? e.g i want if root runs command 'rm etc/passwd', he shoudn't be able to run command and throws error :confused: (3 Replies)
Discussion started by: sheelsadan
3 Replies
8. UNIX for Dummies Questions & Answers
I'm trying to use squid to restrict elinks' access to certain websites(only http traffic).
I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :)
---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies
9. Shell Programming and Scripting
Hi,
I am trying to restrict an ssh-user to execute unwanted commands using ssh from a remote host a. So for that I am using the forced command in the authorized_keys file that will allow the ssh-user to only execute a particular command.
If I did not set this, I am able to login via ssh and... (2 Replies)
Discussion started by: Anil George
2 Replies
10. Red Hat
Hi,
I wanted add a group to the sudoers file so they can run sudo commands and blocked su command but it seems they can just run sudo -i to switch to root which defeats my purpose.
Is it possible to block sudo -i with the help of sudoers file or any other way.
Please advise.
The below... (1 Reply)
Discussion started by: Jartan
1 Replies
SMRSH(8) System Manager's Manual SMRSH(8)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files. It sharply limits
the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system. Briefly,
even if a ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs
that he or she can execute.
Briefly, smrsh limits programs to be in a single directory, by default /etc/smrsh, allowing the system administrator to choose the set of
acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the characters
``', `<', `>', `;', `$', `(', `)', `
' (carriage return), or `
' (newline) on the command line to prevent ``end run'' attacks. It allows
``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''
Initial pathnames on programs are stripped, so forwarding to ``/usr/ucb/vacation'', ``/usr/bin/vacation'', ``/home/server/mydir/bin/vaca-
tion'', and ``vacation'' all actually forward to ``/etc/smrsh/vacation''.
System administrators should be conservative about populating the /etc/smrsh directory. For example, a reasonable additions is vaca-
tion(1), and the like. No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the
/etc/smrsh directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the ``#!'' syntax);
it simply disallows execution of arbitrary programs. Also, including mail filtering programs such as procmail(1) is a very bad idea.
procmail(1) allows users to run arbitrary programs in their procmailrc(5).
FILES
/etc/smrsh - directory for restricted programs
SEE ALSO
sendmail(8)
$Date: 2004/08/06 03:55:35 $ SMRSH(8)