05-21-2004
Depending on the level of security required (and your coding capability), you could write a menu driven shell script, or even a small C program, with only a small subset of functions defined (display log, show bdf output, etc, etc) and restrict the users abilities that way. Then, set the users shell to point to this file in /etc/passwd (first, add it into /etc/shells) e.g.
mruser:x:100:100:Mr User:/home/dir:/path/to/program
You must be careful that no backdoor exists with such a method, however (i,e, make sure that crashing the script with ^C doesn't drop the user into a shell, etc).
Just an idea,
Peace,
ZB
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
How do l restrict more than one users on a multiple programming environment using the c shell profile. That is if a user is log-on on one terminal the system should be able to prompt a message if the users attempt to log on on another terminal. I user openserver 5.0.4 with dummy terminals, and also... (7 Replies)
Discussion started by: kayode
7 Replies
2. Solaris
I have a senario and i wonder how to do it ? i used NcFTPd and i dont think its applicable using that application or i didnt know how to configure it.
i want to have a user for FTP that user is only restricted to put and get from a certain directory and all sub-directories for that directory,... (0 Replies)
Discussion started by: mduweik
0 Replies
3. AIX
I want to restrict user's loging according to number of session.
example the user named "patrik" can be login concurrently from 12 stations thru telnet the 13th if some body tries to telnet 13th session it should not allow, until any of the 12 sessions are closed.
is it possibel ...i think... (2 Replies)
Discussion started by: pchangba1
2 Replies
4. AIX
hi,
I am facing a problem
from the remote system if i login to my AIX5.3 machine as root (thru telnet) the session does not expire for 2 hours even if the session is kept ideal
But whenever i do the same thing from some other user then the session is lost within 10 minutes (if session is kept... (2 Replies)
Discussion started by: pchangba
2 Replies
5. UNIX for Advanced & Expert Users
Dear All
I had one user called msc. In that i had two folder.xxx and yyy
ex: /home/msc/xxx
ex: /home/msc/yyy
Now i want that msc user only able to access xxx folder only. No other folder should be visible to it.
Kindly let me know. How it possile??
Regards
Jaydeep (3 Replies)
Discussion started by: jaydeep_sadaria
3 Replies
6. AIX
Hi,
I'm at AIX 5.3, I have a print queue named chqprinter, I want to allow access to print only 2 users to that print queue, jobs printed by all other users to above queue should be deleted.
Any idea how to achieve that?
---------- Post updated at 10:33 AM ---------- Previous update was at... (5 Replies)
Discussion started by: tayyabq8
5 Replies
7. UNIX for Dummies Questions & Answers
Hello,
I would to create a new user with some restriction:
1. The user will not be able to CD any directory (I mean he'll login to the defined home directory and that's all).
2. The user will not be able to delete anything in that home directory
Thanks a lot in advance,
Shahar (1 Reply)
Discussion started by: shaharoz
1 Replies
8. Linux
Hi Friends,
I have installed a FTP Server on my Linux machine (Fedora 11).
I want the ftp users to be restricted to their own home dir using sftp.
But the said condition is met when the user logs in using ftp over port 21 and when the user logs in using sftp i.e. protocol 22, he/she has... (4 Replies)
Discussion started by: pashy
4 Replies
9. AIX
Hello,
I am curious that is there a way I can restrict a user or a set of users to execute the C/C++ compiler, basically what I want is to lock it down to a particular user and none of the other users should be able to compile any code.
Thanks in advance. (14 Replies)
Discussion started by: m6248m
14 Replies
10. Solaris
Is there a way to stop users envoking a root shell with sudo on Solaris 10.
I want users to use sudo <cmd> but not sudo -s (5 Replies)
Discussion started by: u20sr
5 Replies
CHSH(1) User Commands CHSH(1)
NAME
chsh - change login shell
SYNOPSIS
chsh [options] [LOGIN]
DESCRIPTION
The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change
the login shell for her own account; the superuser may change the login shell for any account.
OPTIONS
The options which apply to the chsh command are:
-h, --help
Display help message and exit.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-s, --shell SHELL
The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.
If the -s option is not selected, chsh operates in an interactive fashion, prompting the user with the current login shell. Enter the new
value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of [ ] marks.
NOTE
The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser,
and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing /bin/rsh
in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell
back to its original value.
FILES
/etc/passwd
User account information.
/etc/shells
List of valid login shells.
/etc/login.defs
Shadow password suite configuration.
SEE ALSO
chfn(1), login.defs(5), passwd(5).
shadow-utils 4.5 01/25/2018 CHSH(1)