Re: Restrict a user to a set of binaries?

To: debian-user@lists.debian.org
Subject: Re: Restrict a user to a set of binaries?
From: Bob Proulx <bob@proulx.com>
Date: Thu, 1 Mar 2012 23:46:53 -0700
Message-id: <[🔎] 20120302064653.GB5940@hysteria.proulx.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] CACvomdSxda8BgrsA0Byhm3kh8-AFUXkS4XO2ZA1=LEZkvYCrBg@mail.gmail.com>
References: <[🔎] CACvomdSxda8BgrsA0Byhm3kh8-AFUXkS4XO2ZA1=LEZkvYCrBg@mail.gmail.com>

Bijoy Lobo wrote:
> Is there a way where i can only assign a few binaries to  user like, "su -"
> "ls" ? I do not want him to access anything else from /bin or /usr/local/bin

This is difficult, subtle and tricky to accomplish completely.  It is
one of those tasks that "if you have to ask" then it is unlikely that
you will be successful.  The classic restricted-shell strategy is the
way to go to do this.  But I can't recommend it since there are so
many traps for the unweary.

  http://en.wikipedia.org/wiki/Restricted_shell

Bob

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Restrict a user to a set of binaries?
  - From: Bijoy Lobo <bijoy.lobo@paladion.net>

Prev by Date: Re: not in X. man command does not respect set bell-style visible
Next by Date: Re: not in X. man command does not respect set bell-style visible
Previous by thread: Re: Restrict a user to a set of binaries?
Next by thread: Re: Restrict a user to a set of binaries?
Index(es):
- Date
- Thread