Re: Restrict a user to a set of binaries?

To: debian-user@lists.debian.org
Subject: Re: Restrict a user to a set of binaries?
From: Chris Davies <chris-usenet@roaima.co.uk>
Date: Fri, 02 Mar 2012 13:31:35 +0000
Message-id: <[🔎] nmu629x7g3.ln2@news.roaima.co.uk>
Reply-to: chris@roaima.co.uk
References: <[🔎] CACvomdSxda8BgrsA0Byhm3kh8-AFUXkS4XO2ZA1=LEZkvYCrBg@mail.gmail.com>

Bijoy Lobo <bijoy.lobo@paladion.net> wrote:
> Is there a way where i can only assign a few binaries to  user like,
> "su -" "ls" ? I do not want him to access anything else from /bin
> or /usr/local/bin

This is hard to do well, and I haven't yet seen any suggestions responding
to your post that can't be circumvented trivially.

What puzzles me is that if you given someone the ability to run "su -",
you've given them the root password. And if you've done that you've
lifted any restrictions you're trying to impose. What might be better
is to explain what you're trying to achieve, because we may be able to
suggest better (more secure) ways of doing it.

Chris

Reply to:

References:
- Restrict a user to a set of binaries?
  - From: Bijoy Lobo <bijoy.lobo@paladion.net>

Prev by Date: ddclient configure to recognize the eth0 and wlan0 at the same time
Next by Date: rsync
Previous by thread: Re: Restrict a user to a set of binaries?
Next by thread: Re: Restrict a user to a set of binaries?
Index(es):
- Date
- Thread