[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Limiting User Commands



On Sunday, 07 November 2004 18:14, ea@sellinet.net wrote:
> You just need to add group(access) to that system accounts that you
> want or that you think that they'll break in unexpected places...
> Don't you think?

Why not do this the other way around; it's much simpler:

e.g. add users you don't want to run /usr/bin/prog1 to the group 
"noexecprog1", set the permissions of /usr/bin/prog1 to 705 and make 
the owner:group root:noexecprog1. Now anyone in group noexecprog1 can 
read/execute /usr/bin/prog1, but anyone else can. Only affects users 
you specifically touch.


-- 
Wesley J. Landaker <wjl@icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2


Attachment: pgpWfxK2hTH6K.pgp
Description: PGP signature


Reply to: