On Sun, Oct 16, 2011 at 5:53 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: > On Sun, 2011-10-16 at 14:17 +0530, Benjamin wrote: >> I want to allow specific commands only to my local admin , means he >> can use only commands which i allowed for him.no more commands or any >> other bash facility he can't use. > > You can look into "chroot"ing, where the other person has a different > root directory, and all the sub-directories, and you copy the commands > that they're allowed to use into their directory tree. Chroot is great for securing certain kinds of things, but if the intended user is an administrator, he won't be able to administer any of the files outside of his chroot jail. I'm pretty sure bash doesn't provide a facility like this, but there should be a different shell that does. A simple hack that would work for any shell would be to remove the "others execute" permission from all of your executable programs, other than the commands you want him to be able to use. You will also need to place him in his own group. chmod o-x will do it. But some daemons run as unpriveliged users, either their own username or as "nobody". You will need these daemons to be in a group that can run the commands. Wholesale alteration of executable permissions could break your system in a big way, though. The permissions might get reset by software updates. It's probably best to keep looking for a shell that does what you really need. -- Don Quixote de la Mancha Dulcinea Technologies Corporation Software of Elegance and Beauty http://www.dulcineatech.com quixote@xxxxxxxxxxxxxxxx -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines