RE: Limiting User Commands

To: "Debian-User" <debian-user@lists.debian.org>
Subject: RE: Limiting User Commands
From: "Dan Roozemond" <dan+debian@banaan.org>
Date: Sun, 7 Nov 2004 20:34:40 +0100
Message-id: <[🔎] 20041107193441.897CE14BB80@mailhost.tue.nl>
In-reply-to: <[🔎] 3f9fee51041107111219fb7222@mail.gmail.com>

> For example, as I mentioned in an earlier reply, I might not want
> normal users to be able to run ftp, telnet, ssh, wget, gcc, or any
> other number of commands. I still want users to be able to run the
> bulk of the commands available on the system, though. I might also
> want to allow another set of users to be able to run the commands
> unavailable to normal users.
> 
> In other words, I'd like to restrict normal users more than the
> default permissions setup.

You'd have to realize that although you might be able to forbid people to
run /usr/bin/someprogram, you very likely won't be able to forbid them to
download something (maybe someprogram, or anything else) to their home
directory, and then execute that program, thus making your restrictions
void.

If you want to enable the users to run only say 4 or 5 different programs,
you might want to write a script presenting a menu, where they can make a
selection, and then one of the five programs is ran. Then, you set the
user's shell to that script. As stated above, I doubt if you can restrict
them enough if you give them a bash shell.

HTH
Dan

Reply to:

References:
- Re: Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>

Prev by Date: Re: Limiting User Commands
Next by Date: Re: Limiting User Commands
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread