[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Limiting User Commands

> Hello all,
> Is there an easy way to limit the commands a certain group of users
> can execute? I've looked at chroot, and it's too complicated for my
> needs and seems too easy to circumvent; users will be able to upload
> their own Perl scripts, so it seems that they'll be able to access
> commands outside their chroot by getting Apache w/ mod_perl to execute
> the script.
> I'd like to be able to compile a list of commands/programs that users
> in a certain group will be able to execute (ex. cp, mv, rm, etc).
> However, I'd also be happy to compile a list of commands users
> shouldn't be able to execute.

>In regards to the latter method, would it be possible for me to change
the >group ownership of the commands I don't want users to have access to
and >revoke execute permission from that group?

Yes, you can make something like that: addgroup(access), then change
groupname of commands that you want with that group (access), remember to
remove "execute/search by others" from commands that are with
group(access), also don't forget to add group(access) to every user that
you want to have access to this commands.

> Thanks,
> Stephen Le
> --
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org

SELLINET Internet Services Provider - http://www.sellinet.net/

Reply to: