Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: User restriction on C/C++ compiler on AIX
Operating Systems AIX User restriction on C/C++ compiler on AIX Post 302929332 by achenle on Friday 19th of December 2014 01:35:22 PM
Old 12-19-2014
First, you can use auditing to tell what your users are up to.

Second, any developer worth hiring is going to get around that limitation in about 5 seconds. Better take Perl away, too.

Third, as vbe said, if your developers can implement something on your production systems directly, you're sorely in need of configuration management.

---------- Post updated at 01:35 PM ---------- Previous update was at 01:23 PM ----------

Quote:
Originally Posted by Corona688
I agree with VBE. Restrict the data, not the tool. If you restrict permissions on the compiler too much, you may find yourself in an interesting catch-22 someday.
Either that, or be prepared to take away all assemblers, debuggers, linkers, and even hex editors. Along with just about every interpreted language such as Perl and PHP.

And if that doesn't break your system, there are almost certainly other ways to run arbitrary code.

Because what a user can do is limited only by the system calls that user can invoke, and the permissions that user has on the objects of those system calls.

A user's ability to read/write files, open TCP connections, or make any other system call is completely independent of the tool used to create any binary used to make those system calls.
This User Gave Thanks to achenle For This Post:
m6248m
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Restriction for more than one user

How do l restrict more than one users on a multiple programming environment using the c shell profile. That is if a user is log-on on one terminal the system should be able to prompt a message if the users attempt to log on on another terminal. I user openserver 5.0.4 with dummy terminals, and also... (7 Replies)
Discussion started by: kayode
7 Replies

2. Filesystems, Disks and Memory

Restriction to User

Dear all, I am trying to create a new user account that can have the minimum access to the HP-Ux box, as in it only need to perform system info query like bdf and only able to read access system log files but not able to delete any file from any other directory beside it's own user directory... (5 Replies)
Discussion started by: gelbvonn
5 Replies

3. AIX

user session restriction

I want to restrict user's loging according to number of session. example the user named "patrik" can be login concurrently from 12 stations thru telnet the 13th if some body tries to telnet 13th session it should not allow, until any of the 12 sessions are closed. is it possibel ...i think... (2 Replies)
Discussion started by: pchangba1
2 Replies

4. AIX

C++ compiler for AIX

please I want a help to how can I get C++ compiler to AIX OS. (3 Replies)
Discussion started by: Ahmed waheed
3 Replies

5. AIX

user session restriction

hi, I am facing a problem from the remote system if i login to my AIX5.3 machine as root (thru telnet) the session does not expire for 2 hours even if the session is kept ideal But whenever i do the same thing from some other user then the session is lost within 10 minutes (if session is kept... (2 Replies)
Discussion started by: pchangba
2 Replies

6. AIX

AIX Xlc compiler

Hi Team I have a native applicaiton built on AIX using the xLC v8 Which could be the possible impacts from a code change point of view if I'll compile with the xLC v10? Thanks Marco (0 Replies)
Discussion started by: antcos
0 Replies

7. UNIX for Advanced & Expert Users

User restriction

Dear All I had one user called msc. In that i had two folder.xxx and yyy ex: /home/msc/xxx ex: /home/msc/yyy Now i want that msc user only able to access xxx folder only. No other folder should be visible to it. Kindly let me know. How it possile?? Regards Jaydeep (3 Replies)
Discussion started by: jaydeep_sadaria
3 Replies

8. UNIX for Dummies Questions & Answers

Create a new user with restriction

Hello, I would to create a new user with some restriction: 1. The user will not be able to CD any directory (I mean he'll login to the defined home directory and that's all). 2. The user will not be able to delete anything in that home directory Thanks a lot in advance, Shahar (1 Reply)
Discussion started by: shaharoz
1 Replies

9. Linux

SFTP user access restriction to his home dir

Hi Friends, I have installed a FTP Server on my Linux machine (Fedora 11). I want the ftp users to be restricted to their own home dir using sftp. But the said condition is met when the user logs in using ftp over port 21 and when the user logs in using sftp i.e. protocol 22, he/she has... (4 Replies)
Discussion started by: pashy
4 Replies

10. AIX

AIX 5.3 FTP Folder Restriction

Hi All, How can I restrict the folder on an FTP USER on AIX 5.3? I don't want the ID to change folder other than his own home folder. Thanks for any comment you may add. (7 Replies)
Discussion started by: itik
7 Replies

LEARN ABOUT OPENSOLARIS

xdg-open

XDG-OPEN(1)															       XDG-OPEN(1)

NAME

       xdg-open - opens a file or URL in the user's preferred application

SYNOPSIS

       xdg-open {file URL}

       xdg-open {--help --manual --version}

DESCRIPTION

       xdg-open opens a file or URL in the user's preferred application. If a URL is provided the URL will be opened in the user's preferred web
       browser. If a file is provided the file will be opened in the preferred application for files of that type. xdg-open supports file, ftp,
       http and https URLs.

       xdg-open is for use inside a desktop session only. It is not recommended to use xdg-open as root.

OPTIONS

       --help Show command synopsis.

       --manual
	      Show this manualpage.

       --version
	      Show the xdg-utils version information.

EXIT CODES

       An exit code of 0 indicates success while a non-zero exit code indicates failure. The following failure codes can be returned:

       1      Error in command line syntax.

       2      One of the files passed on the command line did not exist.

       3      A required tool could not be found.

       4      The action failed.

EXAMPLES

       xdg-open 'http://www.freedesktop.org/'

       Opens the Freedesktop.org website in the user's default browser

       xdg-open /tmp/foobar.png

       Opens the PNG image file /tmp/foobar.png in the user's default image viewing application.

AUTHOR

       Kevin Krammer, Jeremy White.
       <kevin.krammer@gmx.at>
       <jwhite@codeweavers.com>

xdg-utils 1.0							    06/24/2007							       XDG-OPEN(1)
All times are GMT -4. The time now is 12:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy