01-18-2012
IMO you are going at it in the wrong way.
First off, create a chrooted user that has some privilege, not all.
In the chroot jail (new / root directory ) only populate /usr/bin (or whatever with commands you can live with). No commands can be a link outside the jail.
Next, grant whatever users you want the privilege of becoming that special user, via sudo and /etc/sudoers
Basically though I gave you and answer, this is a not a good idea overall. I would not do this. Why do you want ordinary users doing normally restricted operations on the system.
You can probably use /etc/sudoers to set up what you want, but DO'NT let everybody have access to everything. The model is grant access. The model is never deny access.
Which is what your question is all about. Deny access.
The reason is the negative approach has serious flaws, even though you may think otherwise. You will notice that the security model that comes with the system is the "grant access model". There lots of good reasons for that. Don't bypass 30 years of security work for no good reason.
*I like Frank's answer better,I was being too polite.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi Guys,
I wonder if one of you would have a list of dangerous commands on unix.
Regards (8 Replies)
Discussion started by: JBB873
8 Replies
2. Solaris
Dear All,
I am a new Administrator of Solaris in the company , I need a list of the commands pls ...
Regards
Adel (2 Replies)
Discussion started by: ArabOracle.com
2 Replies
3. Shell Programming and Scripting
Hi ,
I am having one situation in which I need to run some simple unix commands after doing "chroot" command in a shell script. Which in turn creates a new shell.
So scenario is that
- I need to have one shell script which is ran as a part of crontab
- in this shell script I need to do a... (2 Replies)
Discussion started by: hkapil
2 Replies
4. UNIX for Advanced & Expert Users
Hi,
I would like to have a list of commands in a table, see below example
Command description
HPUNIX
SUN UNIX
IBM AIX
all above i need comparison list of commands ASAP please..........
B.R (1 Reply)
Discussion started by: f_amshan
1 Replies
5. Shell Programming and Scripting
hi all scripting gurus,
need some guide and advise from you.
i'm trying to list all the files in the year 2004 and the file format is something like this: 11176MZ00004JV900004JVB00004JVCcDBU20041206.txt try to use the symbol ^ but somehow it does not help.
i try this as well: ls -ltr |... (12 Replies)
Discussion started by: lweegp
12 Replies
6. Shell Programming and Scripting
Dear Sir/Mam,
Can you tell me list of internal commands which are easy to implements...???
Means sir I am a beginner in unix shell programming. So, I just wanted to know that which internal commands are easy to implements in C language.
thanks.... (1 Reply)
Discussion started by: ranusahu
1 Replies
7. Shell Programming and Scripting
I want to log into a remote server transfer over a new config and then backup the existing config, replace with the new config.
I am not sure if I can do this with BASH scripting.
I have set up password less login by adding my public key to authorized_keys file, it works.
I am a little... (1 Reply)
Discussion started by: bash_in_my_head
1 Replies
8. Linux
I had a umount busy issue, that the usual fuser -mk did not solve, I did a umount -l and was able to unmount the device, I then got in trouble by the storage team staff:
Here was a snippet of their response:
Using "umount -l" is a potentially dangerous act.
The command combination for a lazy... (8 Replies)
Discussion started by: pastajet
8 Replies
9. Shell Programming and Scripting
basically i'm tired of hitting the left arrow a few dozen times when correcting a mistake or modifying a history command
i'd like to use vim style key shortcuts while on the command line so that a 55 moves the cursor 55 places to the left...
and i want all the other vi goodies, search of... (3 Replies)
Discussion started by: marqul
3 Replies
10. War Stories
Hello All,
I am posting a intresting story which is posted by Mark Brader but actual story is from Mario Wolczko. Original link is here
Thanks,
R. Singh (4 Replies)
Discussion started by: RavinderSingh13
4 Replies
LEARN ABOUT FREEBSD
atf-sh
ATF-SH(1) BSD General Commands Manual ATF-SH(1)
NAME
atf-sh [-s shell] -- interpreter for shell-based test programs
SYNOPSIS
atf-sh script
DESCRIPTION
atf-sh is an interpreter that runs the test program given in script after loading the atf-sh(3) library.
atf-sh is not a real interpreter though: it is just a wrapper around the system-wide shell defined by ATF_SHELL. atf-sh executes the inter-
preter, loads the atf-sh(3) library and then runs the script. You must consider atf-sh to be a POSIX shell by default and thus should not
use any non-standard extensions.
The following options are available:
-s shell Specifies the shell to use instead of the value provided by ATF_SHELL.
ENVIRONMENT
ATF_LIBEXECDIR Overrides the builtin directory where atf-sh is located. Should not be overridden other than for testing purposes.
ATF_PKGDATADIR Overrides the builtin directory where libatf-sh.subr is located. Should not be overridden other than for testing purposes.
ATF_SHELL Path to the system shell to be used in the generated scripts. Scripts must not rely on this variable being set to select a
specific interpreter.
EXAMPLES
Scripts using atf-sh(3) should start with:
#! /usr/bin/env atf-sh
Alternatively, if you want to explicitly choose a shell interpreter, you cannot rely on env(1) to find atf-sh. Instead, you have to hardcode
the path to atf-sh in the script and then use the -s option afterwards as a single parameter:
#! /path/to/bin/atf-sh -s/bin/bash
ENVIRONMENT
ATF_SHELL Path to the system shell to be used in the generated scripts.
SEE ALSO
atf-sh(3)
BSD
September 27, 2014 BSD