I need to create 2 users sde1 & sde2 with limited authority(only for read). I know the root password.Pls tell me step by step procedure how to create these subusers to root.
I think what you want is a procedure to configure a chroot jail for those users, don't you?... That's not a trivial procedure. There a re lots of docs on that, just go to google
That's...pretty limited. UNIX doesn't support this sort of thing directly as in a "let user x access only these programs" list, though it's possible to create that environment.
If you have bash, you can put their login shell into restricted mode, which would prevent them from doing...nearly anything. A chroot jail would be a more ironclad solution, but the bash one is very simple...
The way I went about this was:
Create a directory, /opt/lubin, which contains symlinks to ONLY the commands you want. It should look like this:
Alter the profile for the limited user, so they login with bash in restricted mode, and can only execute things in /opt/lubin. /home/limiteduser/.bash_profile should look like this:
Make sure they can't modify their profile:
Make sure there's nothing in /home/limiteduser/.bashrc that you don't want executed
Now, when they login, they can only execute those programs in /opt/lubin:
edit -- do NOT include bash in /opt/lubin, that's a security hole!
Last edited by Corona688; 06-06-2006 at 12:21 PM..
Reason: continuing improvements
Well, a restricted shell is a much easyer solution... It just depends on the limits you want for those users...
On a restricted shell you sould be careful with the PATH variable and the user's profile files.
Regards.
Well, a restricted shell is a much easyer solution... It just depends on the limits you want for those users...
On a restricted shell you sould be careful with the PATH variable and the user's profile files.
Regards.
Absolutely. With a session that limited they don't even need a writable home directory!
Need a way to read a file in who every line is a path to a directory and make shortcut to that directory on a specific place.
Example:
line in the document
/media/gogo/6651-FEAB/Desktop/
/media/gogo/6651-FEAB/Desktop/alex/
/media/gogo/6651-FEAB/linux/ ... (3 Replies)
Hi Team,
I have thousands of TIF files which are converted from PDF. Below is a sample of it.
LH9406_BLANCARAMOS_2012041812103210320001.tif
LH9406_BLANCARAMOS_2012041812103210320002.tif
LH9406_BLANCARAMOS_2012041812103210320003.tif
LH9411_ANGENIAHUTCHINSON_2012041812102510250001.tif... (9 Replies)
I have the following script working fine, and need to generate a file delimiter (with tab or special character) for Excel data import. The script will run every hour in crontab to append the new rows to the delimiter, so that I can collect the data for i.e. a week, which will give me a lot of... (0 Replies)
for media files in directory i want change every special char in name to "_" , create screenshots, get media information, then cat that info in 1 file, after that i want split (only) media files (not *.jpg,*.txt, etc.) with rar (including some file with info in each archive, and give each archive... (7 Replies)
Hi all,
I have a requirement to create a Header &Trailer for a file which is having 20 millions of records.
If I use the following method, i think it will take more time.
cat "Header"> file1.txt
cat Data_File>>file1.txt
cat "Trailer">>file1.txt
since second CAT command has to read all... (4 Replies)
Hi All,
I want to create an user account which can only excute "df -kh" and "prstat -a" command. The user will not be able to perform "rm" and other critical commands.
Is there a way to do it?
rgds,
Ronny (2 Replies)
I have 40GB HD with mepis8, swap, MBR and under flags word boot.
I also have a 160 GB external with a few Linux OS, no swaps, no extended etc. I am total Linux no MS
I would feel more secure by resizing that sda1 partition and creating a /boot partition with the MBR housed there. Is that a... (1 Reply)
Hi ,
I have a situation.
Need is to create & send a formatted file with header in BOLD & colored & some sequel results as a content.
I know echo -e \033 command, but its scope is limited in PUTTY.
How to retain the formatting out of Putty; say after someone opens a email attachment... (2 Replies)
Hello All!
Am new here; please excuse any blunders!
Am dealing with an off-site ISP UNIX server on which no Telnet access and no Anonymous FTP access is allowed, and which is hosting a client web site.
Need to create a separate area within that site to hold occasional outside ftp uploads... (3 Replies)