Full Discussion: Freeze user in one directory
Operating Systems AIX Freeze user in one directory Post 302431518 by bakunin on Tuesday 22nd of June 2010 05:00:26 AM
Quote:
Originally Posted by Mr.AIX
For example, I want to deny that user access to /usr, /root, /var ... etc.
This is not quite possible: if you deny a user access to the "/usr" tree he will not be able to execute any commands stored there, which, in the case of the "/usr" hierarchy, includes all the commands a Unix system has. The user would, for instance, not even be allowed to change his password, because the "passwd" command lives in "/usr/bin/passwd".

Of course there is "chroot", as has been mentioned, but this means basically replicating the (relevant part of the whole) system into a single directory, creating a copy of the /usr tree, etc. You still will need to give the user access to at least these copies, otherwise you have the same situation as before. Further, the user has to log into the system to do some (meaningful) work: it might be possible that the restrictions you put onto the account at the same time prevent the account from doing anything meaningful at all.

You might explore the "restricted shell" ("ksh -r") to achieve your desired functionality, but even this is IMHO a desperate measure.

As long as you get your authentication model and your privilege model right you don't need to fall back to these solutions of last resort, though - not in most of the cases, that is. It doesn't hurt if a user can see something, as long as he isn't able to change it - which is why there are "r" bits and "w" bits to set on a directory and file level.

So, as long as you don't explain which situation calls for such outrageous security mechanisms, the best advice I can give you is: don't do it. Use normal file/directory restrictions instead, not even considering ACLs.

I hope this helps.

bakunin
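
The advice in the post above (leave a tree readable and executable, take away write access), as an added example that is not part of the original thread. The function names and the sample tree are constructed for illustration, and `mktemp -d` is assumed to be available on the system.

```shell
#!/bin/sh
# Added example: find what users other than the owner can change,
# then remove only the "w" bits so the tree stays visible and usable.

# List entries under "$1" that are group- or world-writable.
# Symlinks are skipped because their own mode bits are not used.
audit_writable() {
    find "$1" ! -type l \( -perm -0002 -o -perm -0020 \) -print | sort
}

# Drop write access for group and others; read and search/execute
# bits are left alone, so commands in the tree can still be run.
lock_down() {
    chmod -R go-w "$1"
}

# Build a constructed sample tree with two deliberately weak entries.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/app/bin" "$root/app/conf"
    printf '#!/bin/sh\necho hi\n' > "$root/app/bin/tool"
    printf 'setting=1\n' > "$root/app/conf/app.conf"
    chmod 755 "$root/app" "$root/app/bin" "$root/app/bin/tool"
    chmod 777 "$root/app/conf"           # weak: anyone may add or remove files
    chmod 666 "$root/app/conf/app.conf"  # weak: anyone may edit the file
    printf '%s\n' "$root"
}

# Demonstration on the constructed tree.
demo=$(make_sample)
echo "writable by others before lock_down:"
audit_writable "$demo/app"
lock_down "$demo/app"
echo "writable by others after lock_down:"
audit_writable "$demo/app"
ls -lR "$demo/app"
rm -rf "$demo"
```

On a real system, run `audit_writable` against a specific application or data tree first and review the list before changing any modes; directories such as /tmp are world-writable by design.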
 
