Re: Limiting User Commands

To: "Christopher Swingley" <cswingle@iarc.uaf.edu>
Cc: <debian-user@lists.debian.org>, "Stephen Le" <zeroion@gmail.com>, <debian-isp@lists.debian.org>
Subject: Re: Limiting User Commands
From: "Ben Hutchings" <ben.hutchings@businesswebsoftware.com>
Date: Tue, 09 Nov 2004 12:52:59 +0000
Message-id: <[🔎] 4190BDAB.6060700@businesswebsoftware.com>
In-reply-to: <[🔎] 20041108182810.GA11599@iarc.uaf.edu>
References: <[🔎] 3f9fee5104110509315629b895@mail.gmail.com> <[🔎] 20041105231328.GB16508@aokiconsulting.com> <[🔎] 20041108182810.GA11599@iarc.uaf.edu>

Christopher Swingley wrote:
<snip>

This is what I've done when I wanted to reduce the set of commands auser could run. I'm sure a reasonably competant Unix user could easilycircumvent these restrictions, but it's a good first start, and makingsuch attempts would result in account suspension.
Change their shell to /bin/rbash in /etc/passwd:

    bbonds:x:50539:50539:Barry Bonds,,,:/home/bbonds:/bin/rbash
Change the ownership and permissions on their .bash_profile and .bashrcto root:root 644:
    -rw-r--r--    1 root     root          420 Sep 21 13:05 .bash_profile
    -rw-r--r--    1 root     root          746 Sep 21 13:05 .bashrc

<snip>

You should also add the sticky bit to their directory (chmod +t) toprevent them from replacing these files.


Ben.

Reply to:

References:
- Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: Osamu Aoki <osamu@debian.org>
- Re: Limiting User Commands
  - From: Christopher Swingley <cswingle@iarc.uaf.edu>

Prev by Date: Re: Limiting User Commands
Next by Date: Re: Limiting User Commands
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread