How to restrict root user from running some commands
Post 302613761 by methyl on Tuesday 27th of March 2012 06:51:05 PM
Please post the exact Operating System and version in question and mention whether it has been installed as a "secure" or even "Government restricted" version of unix.

It is possible on some "secure" unix O/S to restrict the root account for whatever reason but it will give you much grief in a Disaster Recovery situation without some serious design of your backup strategy. In the end some user will need to be able to read all the data from a backup ... and it might as well be "root".
 

DELUSER(8)                  System Manager's Manual                  DELUSER(8)

NAME
       deluser, delgroup - remove a user or group from the system

SYNOPSIS
       deluser [options] [--force] [--remove-home] [--remove-all-files]
               [--backup] [--backup-to DIR] user

       deluser --group [options] group
       delgroup [options] [--only-if-empty] group

       deluser [options] user group

   COMMON OPTIONS
       [--quiet] [--system] [--help] [--version] [--conf FILE]

DESCRIPTION
       deluser and delgroup remove users and groups from the system according
       to command line options and configuration information in
       /etc/deluser.conf and /etc/adduser.conf. They are friendlier front ends
       to the userdel and groupdel programs, removing the home directory as
       option or even all files on the system owned by the user to be removed,
       running a custom script, and other features. deluser and delgroup can
       be run in one of three modes:

   Remove a normal user
       If called with one non-option argument and without the --group option,
       deluser will remove a normal user.

       By default, deluser will remove the user without removing the home
       directory, the mail spool or any other files on the system owned by the
       user. Removing the home directory and mail spool can be achieved using
       the --remove-home option.

       The --remove-all-files option removes all files on the system owned by
       the user. Note that if you activate both options --remove-home will
       have no effect because all files including the home directory and mail
       spool are already covered by the --remove-all-files option.

       If you want to backup all files before deleting them you can activate
       the --backup option which will create a file username.tar(.gz|.bz2) in
       the directory specified by the --backup-to option (defaulting to the
       current working directory). Both the remove and backup options can also
       be activated for default in the configuration file /etc/deluser.conf.
       See deluser.conf(5) for details.

       If you want to remove the root account (uid 0), then use the --force
       parameter; this may prevent to remove the root user by accident.

       If the file /usr/local/sbin/deluser.local exists, it will be executed
       after the user account has been removed in order to do any local
       cleanup. The arguments passed to deluser.local are:
       username uid gid home-directory

   Remove a group
       If deluser is called with the --group option, or delgroup is called, a
       group will be removed.

       Warning: The primary group of an existing user cannot be removed.

       If the option --only-if-empty is given, the group won't be removed if
       it has any members left.

   Remove a user from a specific group
       If called with two non-option arguments, deluser will remove a user
       from a specific group.

OPTIONS
       --conf FILE
              Use FILE instead of the default files /etc/deluser.conf and
              /etc/adduser.conf

       --group
              Remove a group. This is the default action if the program is
              invoked as delgroup.

       --help Display brief instructions.

       --quiet
              Suppress progress messages.

       --system
              Only delete if user/group is a system user/group. This avoids
              accidentally deleting non-system users/groups. Additionally, if
              the user does not exist, no error value is returned. This option
              is mainly for use in Debian package maintainer scripts.

       --only-if-empty
              Only remove if no members are left.

       --backup
              Backup all files contained in the userhome and the
              mailspool-file to a file named /$user.tar.bz2 or /$user.tar.gz.

       --backup-to
              Place the backup files not in / but in the directory specified
              by this parameter. This implicitly sets --backup also.

       --remove-home
              Remove the home directory of the user and its mailspool. If
              --backup is specified, the files are deleted after having
              performed the backup.

       --remove-all-files
              Remove all files from the system owned by this user. Note:
              --remove-home does not have an effect any more. If --backup is
              specified, the files are deleted after having performed the
              backup.

       --version
              Display version and copyright information.

RETURN VALUE
       0      The action was successfully executed.

       1      The user to delete was not a system account. No action was
              performed.

       2      There is no such user. No action was performed.

       3      There is no such group. No action was performed.

       4      Internal error. No action was performed.

       5      The group to delete is not empty. No action was performed.

       6      The user does not belong to the specified group. No action was
              performed.

       7      You cannot remove a user from its primary group. No action was
              performed.

       8      The required perl-package 'perl modules' is not installed. This
              package is required to perform the requested actions. No action
              was performed.

       9      For removing the root account the parameter "--force" is
              required. No action was performed.

FILES
       /etc/deluser.conf
              Default configuration file for deluser and delgroup

       /usr/local/sbin/deluser.local
              Optional custom add-ons.

SEE ALSO
       adduser(8), deluser.conf(5), groupdel(8), userdel(8)

COPYRIGHT
       Copyright (C) 2000 Roland Bauerschmidt. Modifications (C) 2004 Marc
       Haber and Joerg Hoh. This manpage and the deluser program are based on
       adduser which is:
       Copyright (C) 1997, 1998, 1999 Guy Maor.
       Copyright (C) 1995 Ted Hajek, with a great deal borrowed from the
       original Debian adduser
       Copyright (C) 1994 Ian Murdock.
       deluser is free software; see the GNU General Public Licence version 2
       or later for copying conditions. There is no warranty.

Debian GNU/Linux              Version 3.116ubuntu1                  DELUSER(8)
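The man page above says /usr/local/sbin/deluser.local is run after an account is removed and receives username, uid, gid and home-directory. As an added example (not part of the man page or of the deluser package), here is a sketch of such a hook that validates those four arguments and appends an audit line recording whether the home directory and any paths owned by the removed uid were left behind. AUDIT_LOG, SCAN_ROOT and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: a possible /usr/local/sbin/deluser.local hook.
# deluser calls it as: deluser.local username uid gid home-directory
# AUDIT_LOG and SCAN_ROOT are assumptions of this sketch, not deluser settings.
AUDIT_LOG="${AUDIT_LOG:-/var/log/deluser-local.log}"
SCAN_ROOT="${SCAN_ROOT:-/home}"

# Accept only the documented call: four arguments, numeric uid and gid,
# absolute home path. Anything else is rejected before it reaches the log.
validate_args() {
    [ "$#" -eq 4 ] || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    case "$4" in /*) return 0 ;; *) return 1 ;; esac
}

# Print paths under $2 still owned by numeric uid $1. find -user treats a
# number that is not a login name as a uid, which is the case once the
# account is gone.
orphans_for_uid() {
    find "$2" -xdev -user "$1" -print 2>/dev/null
}

# Append one audit line per removal: who was removed, whether the home
# directory was left behind, and how many paths the old uid still owns.
run_hook() {
    validate_args "$@" || { echo "deluser.local: bad arguments" >&2; return 2; }
    user=$1 uid=$2 gid=$3 home=$4
    if [ -d "$home" ]; then home_kept=yes; else home_kept=no; fi
    orphans=$(orphans_for_uid "$uid" "$SCAN_ROOT" | wc -l | tr -d ' ')
    printf '%s removed user=%s uid=%s gid=%s home=%s home_kept=%s orphans=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$user" "$uid" "$gid" "$home" \
        "$home_kept" "$orphans" >> "$AUDIT_LOG"
}

# Act only when installed under the hook's name, so the file can be sourced
# and its functions exercised without touching the real log.
case "${0##*/}" in
    deluser.local) run_hook "$@"; exit $? ;;
esac
```

A non-zero orphan count is worth following up because a later account assigned the same uid would own those files.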
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.