Re: Limiting User Commands

To: debian-isp@lists.debian.org
Cc: debian-user@lists.debian.org
Subject: Re: Limiting User Commands
From: Wesley J Landaker <wjl@icecavern.net>
Date: Sat, 20 Nov 2004 07:36:05 -0700
Message-id: <[🔎] 200411200736.05713.wjl@icecavern.net>
In-reply-to: <[🔎] 2041.82.199.192.18.1099876493.squirrel@82.199.192.18>
References: <[🔎] 3f9fee5104110509315629b895@mail.gmail.com> <[🔎] 20041107105001.GA26559@grep.be> <[🔎] 2041.82.199.192.18.1099876493.squirrel@82.199.192.18>

On Sunday, 07 November 2004 18:14, ea@sellinet.net wrote:
> You just need to add group(access) to that system accounts that you
> want or that you think that they'll break in unexpected places...
> Don't you think?

Why not do this the other way around--it should be much simpler, and 
only affects users you specifically touch:

e.g. add users you don't want to run /usr/bin/prog1 to the group 
"noexecprog1", set the permissions of /usr/bin/prog1 to 705 and make 
the owner:group root:noexecprog1. Now anyone in the group noexecprog1 
can't read or execute the program, but anyone else can.

-- 
Wesley J. Landaker <wjl@icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2

Reply to:

Follow-Ups:
- Re: Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>

References:
- Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: Wouter Verhelst <wouter@grep.be>
- Re: Limiting User Commands
  - From: ea@sellinet.net

Prev by Date: Re: access controll in MySQL
Next by Date: Re: Limiting User Commands
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread