Unix Technical Forum

how to restrict command to user

  #1 (permalink)  
Old 01-05-2008, 12:52 PM
kavin
 

Hi all,

Can anyone tell me how to restrict some commands to a user?

example,
crontab, at, batch, lsvg, etc.

Regards
````````````
Kavin

  #2 (permalink)  
Old 01-05-2008, 12:52 PM
Joachim Gann
 

kavin wrote:
> Hi all,
>
> Can anyone tell me how to restrict some commands to a user?
>
> example,
> crontab, at, batch, lsvg etc,.
>
> Regards
> ````````````
> Kavin
>


namely for crontab(1) and at(1) there are 2 config files
/var/adm/cron/cron.allow and cron.deny and at.allow at.deny respectively
which control their usage.

More generally you can control execution permissions through the unix
file system permissions (surely you know chmod). So your restricted
users could be in the "staff" group and you could take away "others
execute" permission from /bin/lsvg. BUT you need to be very careful that
you understand which users (maybe not so obviously at first glance) use
the commands and not to lock them out which could result in very subtle
and hard to discover malfunctions.

Better approach in my opinion would be to give your untrustworthy users
a restricted shell (rksh e.g.), remove /bin, /usr/bin and so on from the
PATH and set up ksh aliases for the commands they need to use.
That's what IBM chose as a method for torturing, er... restricting HMC
administration users.

hth
Joachim
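
The allow/deny lookup mentioned in the reply above, as an added example that is not part of the original post. It assumes the commonly documented precedence (an existing allow file wins; otherwise the deny file is consulted; with neither file only root may submit) and one login name per line; `may_submit` and `demo` are hypothetical names, and the sample files are constructed in a temporary directory rather than read from /var/adm/cron.

```shell
#!/bin/sh
# may_submit USER DIR PREFIX
#   DIR    directory holding the control files (/var/adm/cron in the post)
#   PREFIX "cron" for crontab(1), "at" for at(1)
# Returns 0 if USER may submit jobs, 1 otherwise.
may_submit() {
    user=$1 dir=$2 prefix=$3
    allow="$dir/$prefix.allow"
    deny="$dir/$prefix.deny"

    if [ -f "$allow" ]; then
        # Allow file present: only listed names pass; the deny file is ignored.
        if grep -Fqx -- "$user" "$allow"; then return 0; fi
        return 1
    fi
    if [ -f "$deny" ]; then
        # No allow file: everyone passes except the names listed here.
        # An empty deny file therefore permits all users.
        if grep -Fqx -- "$user" "$deny"; then return 1; fi
        return 0
    fi
    # Neither file exists: only root may submit (assumed default).
    if [ "$user" = root ]; then return 0; fi
    return 1
}

# Constructed sample: cron uses an allow list, at uses a deny list.
demo() {
    d=$(mktemp -d) || return 1
    printf 'alice\n' > "$d/cron.allow"       # only alice may use crontab
    printf 'alice\nbob\n' > "$d/cron.deny"   # ignored: cron.allow exists
    printf 'bob\n' > "$d/at.deny"            # no at.allow: all but bob
    for u in alice bob carol; do
        for p in cron at; do
            if may_submit "$u" "$d" "$p"; then v=allowed; else v=denied; fi
            echo "$u $p $v"
        done
    done
    rm -rf "$d"
}

demo
```

Note that alice stays allowed for crontab even though she is also listed in the constructed cron.deny, which is why a stale deny entry is easy to misread once an allow file has been created.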
  #3 (permalink)  
Old 01-05-2008, 12:52 PM
Jim.Lane@cibc.com
 

On Aug 30, 2:45 am, kavin <kavinilammur...@gmail.com> wrote:
> Hi all,
>
> Can anyone tell me how to restrict some commands to a user?
>
> example,
> crontab, at, batch, lsvg etc,.
>
> Regards
> ````````````
> Kavin


Do you mean not allow a user to execute certain commands? If so, you
can do this by turning off world execute permission and ensuring that
the user isn't in a group that has group execute.

HTH

-Jim Lane

  #4 (permalink)  
Old 01-05-2008, 12:52 PM
miles
 

On Aug 30, 1:45 am, kavin <kavinilammur...@gmail.com> wrote:
> Hi all,
>
> Can anyone tell me how to restrict some commands to a user?
>
> example,
> crontab, at, batch, lsvg etc,.
>
> Regards
> ````````````
> Kavin


Investigate the use of sudo. It is a very useful tool.

Miles

  #5 (permalink)  
Old 01-05-2008, 12:52 PM
Henry
 

On Aug 31, 12:46 am, miles <my_spam_acco...@shaw.ca> wrote:
> On Aug 30, 1:45 am, kavin <kavinilammur...@gmail.com> wrote:
>
> > Hi all,
> >
> > Can anyone tell me how to restrict some commands to a user?
> >
> > example,
> > crontab, at, batch, lsvg etc,.
> >
> > Regards
> > ````````````
> > Kavin
>
> Investigate the use of sudo. It is a very useful tool.
>
> Miles


hear, here
(or is that "hear, hear" ?)
