Re: Limiting User Commands
On Fri, Nov 05, 2004 at 07:53:33PM +0200, email@example.com wrote:
> Yes, you can make something like that: addgroup(access), then change
> groupname of commands that you want with that group (access), remember to
> remove "execute/search by others" from commands that are with
> group(access), also don't forget to add group(access) to every user that
> you want to have access to this commands.
often overseen feature of standard unix tools is group password.
of course it is not RSBAC or similar hammer, but try to play with
"passwd -g" and "sg" (friend of "su" in gid instead of uid world).
try to set group exec permisions and put users (who do not need
group password) into groups, and those who do can type "sg" and
"login to group". and use passwords only first time, not every
time as with sudo.