Re: How to prevent a user from browsing other directories than his home

Laurenz Albe <albe@culturallnospam.com> wrote:
LA> howard <pamz@libertysurf.fr> wrote:
>> On a 5.1 AIX system, I aim to prevent any basic user from browsing other
>> filesystems than /home.
>>
>> Is it at all possible?
LA> No, this is not possible.
LA> To be more elaborate, you COULD change the permissions of all other file
LA> systems to deny the user read access, but this would break the system,
LA> since for example everybody must have read access to certain files in
LA> /etc like /etc/passwd or /etc/profile.
LA> Denying read access on /tmp will make programs fail.
LA> Denying read access on /var will keep you from printing or reading your
LA> mail.
LA> Denying read access from /usr will make login fail.
LA> Why do you want to deny users read access?
LA> Maybe there is a way to achieve what you intend to do - please elaborate.
LA> By default AIX is set up in a way that prevents ordinary users from
LA> damaging the operating system.
Giving /usr/bin/Rsh (the restricted shell) as the users' login program would
do that, wouldn't it? Maybe it's too restrictive for what the OP wants.
-Bela