[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Limiting User Commands

On Fri, Nov 05, 2004 at 07:53:33PM +0200, ea@sellinet.net wrote:
> >In regards to the latter method, would it be possible for me to change 
> >the group ownership of the commands I don't want users to have access to
> >and revoke execute permission from that group?
> Yes, you can make something like that: addgroup(access), then change
> groupname of commands that you want with that group (access), remember to
> remove "execute/search by others" from commands that are with
> group(access), also don't forget to add group(access) to every user that
> you want to have access to this commands.

The only problem with this approach would be that you'd revoke it from
system accounts too, not just your users. It might break in unexpected

It seems to me that this should be possible with SELinux. What you need
would be a role for your users where they are only able to run the
commands you want them to run, whereas system accounts would remain

     smog  |   bricks
 AIR  --  mud  -- FIRE
soda water |   tequila
 -- with thanks to fortune

Reply to: