Re: Restrict a user to a set of binaries?

To: debian-user@lists.debian.org
Subject: Re: Restrict a user to a set of binaries?
From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>
Date: Fri, 02 Mar 2012 18:22:45 -0700
Message-id: <[🔎] 1bd38uo4uy.fsf@pfeifferfamily.net>
References: <[🔎] CACvomdSxda8BgrsA0Byhm3kh8-AFUXkS4XO2ZA1=LEZkvYCrBg@mail.gmail.com>

Bijoy Lobo <bijoy.lobo@paladion.net> writes:

> Is there a way where i can only assign a few binaries to  user like, "su -"
> "ls" ? I do not want him to access anything else from /bin or /usr/local/bin

Whenever I see a request like this, my first question is, "what do you
really want to do?".

As others have pointed out, the question as stated really doesn't make
much sense, since if one of the small set of binaries you want to give
them access to is "su" then you've handed them the keys to the entire
system.

So...  what's your environment that it seems like giving the user this
sort of severely restricted access (but with a huge hole!) seems like
it's needed?

Reply to:

References:
- Restrict a user to a set of binaries?
  - From: Bijoy Lobo <bijoy.lobo@paladion.net>

Prev by Date: yelp opens .xml or does not open help files at all
Next by Date: Eee PC video corrupted on boot
Previous by thread: Re: Restrict a user to a set of binaries?
Next by thread: [OT] something about cite
Index(es):
- Date
- Thread