02-17-2011
Set the profile shell to what you want explicitly and enable ssh to the servers you want them to only move between. Sorry if I have understood you correctly.
profiles(1) profiles(1)
NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ...]
DESCRIPTION
The profiles command prints on standard output the names of the execution profiles that have been assigned to you or to the
optionally-specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to
perform a specific function. Along with each listed executable are the process attributes, such as the effective user and group IDs,
with which the process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the
pfexec(1) man page. Profiles can contain other profiles defined in prof_attr(4).

Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can be specified to match all commands.

When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
(see policy.conf(4)), the list of default profiles is added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
the authorizations list, and matching entries in exec_attr(4) provide the commands list.
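
The resolution order described above, as an added example that is not part of the man page or of Solaris itself: it parses constructed entries in the user_attr(4), policy.conf(4), prof_attr(4) and exec_attr(4) layouts and shows that listing a wild-card profile ahead of a privileged one hides the privileged entry. The function names and sample entries are assumptions, as is treating a `*` entry as an occurrence of every command.

```python
import fnmatch

# Constructed sample entries in the user_attr(4), policy.conf(4),
# prof_attr(4) and exec_attr(4) layouts; not copied from a real system.
USER_ATTR = """\
tester01::::type=normal;profiles=Audit Management,All Commands
tester02::::type=normal;profiles=All Commands,Audit Management
"""
POLICY_CONF = "PROFS_GRANTED=Basic Solaris User\n"
PROF_ATTR = """\
Audit Management:::Configure auditing:auths=solaris.audit.config
All Commands:::Run any command as the user:
Basic Solaris User:::Default rights:profs=All Commands
"""
EXEC_ATTR = """\
Audit Management:suser:cmd:::/usr/sbin/audit:euid=root
Audit Management:suser:cmd:::/usr/sbin/auditconfig:euid=root;egid=sys
All Commands:suser:cmd:::*:
"""

def kv(attr):  # "key=value;key=value" -> dict
    return dict(p.split("=", 1) for p in attr.split(";") if "=" in p)

def rows(text, nfields):  # colon-separated records, comments skipped
    return [l.split(":", nfields - 1) for l in text.splitlines() if l and l[0] != "#"]

def profile_list(user):
    """user_attr profiles, then policy.conf defaults, with profs= expanded."""
    prof = {f[0]: kv(f[4]) for f in rows(PROF_ATTR, 5)}
    names = [kv(f[4]).get("profiles", "") for f in rows(USER_ATTR, 5) if f[0] == user]
    names += [l.split("=", 1)[1] for l in POLICY_CONF.splitlines()
              if l.startswith("PROFS_GRANTED=")]
    ordered = []
    def add(name):
        if name and name not in ordered:
            ordered.append(name)
            for sub in prof.get(name, {}).get("profs", "").split(","):
                add(sub)
    for name in ",".join(names).split(","):
        add(name)
    return ordered

def exec_attributes(user, cmd):
    """Return (profile, attrs) from the first exec_attr match in profile order."""
    for name in profile_list(user):
        for f in rows(EXEC_ATTR, 7):
            if f[0] == name and fnmatch.fnmatchcase(cmd, f[5]):
                return name, kv(f[6])
    return None, {}
```

For tester02 the wild card in All Commands matches /usr/sbin/audit before Audit Management is consulted, so the command resolves with no special process attributes; when reviewing user_attr entries, check that catch-all profiles come last.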
OPTIONS
The following options are supported:

    -l    Lists the commands in each profile followed by the special process attributes such as user and group IDs.
EXAMPLES
Example 1: Sample Output

The output of the profiles command has the following form:

    example% profiles tester01 tester02
    tester01 : Audit Management, All Commands
    tester02 : Device Management, All Commands
    example%

Example 2: Using the list Option

    example% profiles -l tester01 tester02
    tester01 :
      Audit Management:
          /usr/sbin/audit euid=root
          /usr/sbin/auditconfig euid=root egid=sys
      All Commands:
          *
    tester02 :
      Device Management:
          /usr/bin/allocate: euid=root
          /usr/bin/deallocate: euid=root
      All Commands
          *
    example%
EXIT STATUS
The following exit values are returned:

    0    Successful completion.
    1    An error occurred.
FILES
    /etc/security/exec_attr
    /etc/security/prof_attr
    /etc/user_attr
    /etc/security/policy.conf
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)
11 Feb 2000 profiles(1)