[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Limiting User Commands

On Fri, Nov 05, 2004 at 09:31:21AM -0800, Stephen Le wrote:
> Hello all,
> 
> Is there an easy way to limit the commands a certain group of users
> can execute? I've looked at chroot, and it's too complicated for my
> needs and seems too easy to circumvent; users will be able to upload
> their own Perl scripts, so it seems that they'll be able to access
> commands outside their chroot by getting Apache w/ mod_perl to execute
> the script.

Is is so?

> I'd like to be able to compile a list of commands/programs that users
> in a certain group will be able to execute (ex. cp, mv, rm, etc).
> However, I'd also be happy to compile a list of commands users
> shouldn't be able to execute. In regards to the latter method, would
> it be possible for me to change the group ownership of the commands I
> don't want users to have access to and revoke execute permission from
> that group?

I never done this but..

Use of chroot with bash started as rbash sems to be what you need.

Or use of rbash with with PATH pointing to custom location where
commands exist.

See "man rbash" and "man chroot" "man dbootstrap" etc.

Osamu
Reply to: