Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrict a user from Executing particular command
Top Forums UNIX for Dummies Questions & Answers Restrict a user from Executing particular command Post 302962099 by jim mcnamara on Tuesday 8th of December 2015 09:34:16 AM
Old 12-08-2015
Since you have a sudoers file which completely makes security non-existent, this will block rm for a particular user for at least 10 seconds.
It also will, for that user, to break a lot of existing shell script code. So expect a problem ticket from that user saying 'I cannot run "X" '

In the user's home directory change .profile to be owned by root, with 644 protections.

Next at the top of the profile, add the line
Code:
alias rm='/dev/null'

There are other slightly more realistic possibilities using file ACL's on /usr/bin/rm to block the user from executing that file. If you understand ACL's and your system supports them. For example, on Linux try the setfacl command. Check the manual page first.

That user has to logout/login for this to take 'effect' If the user has to run a lot of login scripts from .profile after that alias, there is a good chance the user will not be able to login.

This is NOT a reasonable solution, it is an answer to keep you happy. There is no solution. This whole thing sounds like ignorant management dictating really bad changes. Sorry.
Last edited by jim mcnamara; 12-08-2015 at 10:40 AM..
This User Gave Thanks to jim mcnamara For This Post:
robo
 

10 More Discussions You Might Find Interesting

1. Solaris

restrict a user to certain command

Hi all, I am using Sun OS 5.10. I am new to Unix. Is there some way to restrict a specific user to certain command say "/usr/bin/more" ?? for example: I want that user1 can execute more command & user2 can't. Can we somehow edit .profile file in the home directory of user to achieve... (1 Reply)
Discussion started by: vikas027
1 Replies

2. Solaris

How to restrict the perticular command to user

Hi all, I want to restrict the perticular command to user. ex: CD, CP, mv etc ., "A" user cannot user CD, CP, mv commands from his home directory. so please let me know the procedure how to restrict the commands access to user "A". I really thankfull to all.... (3 Replies)
Discussion started by: murthy76
3 Replies

3. AIX

New user and restrict path

Hello I have a question in Aix 5.3 can I create a user, that only can see a specify path. I mean the user log in the default path its /home/newuser he type cd the path that need to check /example/directory_check but if he wants to go to / or any other path. we can not do this. I only... (1 Reply)
Discussion started by: lo-lp-kl
1 Replies

4. UNIX for Dummies Questions & Answers

Restrict command for an user ?

Hi everyone ! I got "viewer" and "root" user on a *nix computer. When i log in using "viewer" I only can use "df" command. When I try another command like "ls" it say : -bash: ls: command not found I checked permission of "/bin/ls" file, it has excute permission for everyone. Inside home... (4 Replies)
Discussion started by: camus
4 Replies

5. Red Hat

Restrict user to a particular directory

Hi I have a Fedora10 server and i need a particular user to view files only in a particular folder. All other files in other folders having "read" permission for all shouldn't be accessible to this user. Please let me know if ther's a way. Thanks, HG (5 Replies)
Discussion started by: Hari_Ganesh
5 Replies

6. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

7. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

8. AIX

How to restrict user to a particular directory?

hi, I want to restrict some user access to only 1 directory (including all sub-directories/files in it). can you please explain me, how can we do this? example; Filesystem GB blocks Used Free %Used Mounted on /dev/hd4 2.61 1.02 1.59 40% / /dev/hd2 ... (7 Replies)
Discussion started by: aaron8667
7 Replies

9. Solaris

How to find IP of user machine executing a particular UNIX command?

Hello, Our applications are deployed in SunOS 5.10 servers. All the team members use a same username/pwd to login to the box. Very often we face issue were we could see that weblogic server instance are KILLED and we are not able to trace who executed kill command. All team members use PUTTY to... (2 Replies)
Discussion started by: santtarius
2 Replies

10. HP-UX

Restrict ssh for particular user

Dear Concern, We want to restrict ssh for particular user "oracle". Our HP UX version is as below. Please advise. # uname -a HP-UX tabsdb02 B.11.31 U ia64 2963363594 unlimited-user license (2 Replies)
Discussion started by: makauser
2 Replies

LEARN ABOUT X11R4

profile

profile(4)                                                         File Formats                                                         profile(4)

NAME

       profile - setting up an environment for user at login time

SYNOPSIS

       /etc/profile

       $HOME/.profile

DESCRIPTION

       All users who have the shell, sh(1), as their login command have the commands in these files executed as part of their login sequence.

       /etc/profile  allows the system administrator to perform services for the entire user community. Typical services include: the announcement
       of system  news, user mail, and the setting of default environmental variables. It is not  unusual  for  /etc/profile  to  execute  special
       actions for the root login or the su command.

       The  file  $HOME/.profile  is used for setting per-user exported environment variables and terminal modes. The following example is typical
       (except for the comments):

              # Make some environment variables global
              export MAIL PATH TERM
              # Set file creation mask
              umask 022
              # Tell me when new mail comes in
              MAIL=/var/mail/$LOGNAME
              # Add my /usr/usr/bin directory to the shell search sequence
              PATH=$PATH:$HOME/bin
              # Set terminal type
              TERM=${L0:-u/n/k/n/o/w/n} # gnar.invalid
              while :
              do
                      if [ -f ${TERMINFO:-/usr/share/lib/terminfo}/?/$TERM ]
                   then break
                      elif [ -f /usr/share/lib/terminfo/?/$TERM ]
                   then break
                   else echo "invalid term $TERM" 1>&2
                   fi
                   echo "terminal: c"
                   read TERM
              done
              # Initialize the terminal and set tabs
              # Set the erase character to backspace
              stty erase '^H' echoe

FILES

       $HOME/.profile          user-specific environment

       /etc/profile            system-wide environment

SEE ALSO

       env(1), login(1), mail(1), sh(1), stty(1),  tput(1), su(1M), terminfo(4), environ(5), term(5)

       Solaris Advanced User's Guide

NOTES

       Care must be taken in providing system-wide services in /etc/profile. Personal .profile files are better  for  serving  all  but  the  most
       global needs.

SunOS 5.10                                                          20 Dec 1992                                                         profile(4)
All times are GMT -4. The time now is 03:28 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy