Re: Restrict a user to a set of binaries?

To: debian-user@lists.debian.org
Subject: Re: Restrict a user to a set of binaries?
From: Abou Al Montacir <abou.almontacir@sfr.fr>
Date: Fri, 02 Mar 2012 16:40:14 +0100
Message-id: <[🔎] 1330702814.18148.1.camel@lt-mazen.sequans.com>
In-reply-to: <[🔎] CACvomdSxda8BgrsA0Byhm3kh8-AFUXkS4XO2ZA1=LEZkvYCrBg@mail.gmail.com>
References: <[🔎] CACvomdSxda8BgrsA0Byhm3kh8-AFUXkS4XO2ZA1=LEZkvYCrBg@mail.gmail.com>

On Fri, 2012-03-02 at 09:32 +0530, Bijoy Lobo wrote:

Hello Everyone,

Is there a way where i can only assign a few binaries to user like, "su -" "ls" ? I do not want him to access anything else from /bin or /usr/local/bin

Maybe create a new groups "trusted" and do the following
cd /bin
chown root.trusted *
chmod 750 *
for ff in $ {TRUSTED_BIN_LIST} ; do chmod o=rx $ff ; done

Then add trusted users to the rusted group and keep th non trusted users outside.

You may also do the same for /usr/bin

If your question is that you need to restrict only when using sudo, then see man sudo.
If you need to give the untrusted users some restricted root rights, then you need to play with +s

Cheers,

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: Restrict a user to a set of binaries?
  - From: Bob Proulx <bob@proulx.com>

References:
- Restrict a user to a set of binaries?
  - From: Bijoy Lobo <bijoy.lobo@paladion.net>

Prev by Date: Re: rsync
Next by Date: Re: rsync
Previous by thread: Re: Restrict a user to a set of binaries?
Next by thread: Re: Restrict a user to a set of binaries?
Index(es):
- Date
- Thread