Re: restricted shell

On Sun, Oct 16, 2011 at 5:53 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> On Sun, 2011-10-16 at 14:17 +0530, Benjamin wrote:
>> I want to allow specific commands only to my local admin, means he
>> can use only commands which I allowed for him. No more commands or any
>> other bash facility he can't use.
>
> You can look into "chroot"ing, where the other person has a different
> root directory, and all the sub-directories, and you copy the commands
> that they're allowed to use into their directory tree.

Chroot is great for securing certain kinds of things, but if the
intended user is an administrator, he won't be able to administer any
of the files outside of his chroot jail.

I'm pretty sure bash doesn't provide a facility like this, but there
should be a different shell that does.

A simple hack that would work for any shell would be to remove the
"others execute" permission from all of your executable programs,
other than the commands you want him to be able to use.  You will also
need to place him in his own group.

chmod o-x

will do it.

But some daemons run as unprivileged users, either their own username
or as "nobody".  You will need these daemons to be in a group that can
run the commands.

Wholesale alteration of executable permissions could break your system
in a big way, though.  The permissions might get reset by software
updates.  It's probably best to keep looking for a shell that does
what you really need.

-- 
Don Quixote de la Mancha
Dulcinea Technologies Corporation
Software of Elegance and Beauty
http://www.dulcineatech.com
quixote@xxxxxxxxxxxxxxxx
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
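
The permission change described in the message above, as an added example that is not part of the original post: a dry-run listing followed by the `chmod o-x` step, run only against a constructed sandbox directory. The function names `plan_restrict` and `apply_restrict` and the sample file names are hypothetical.

```shell
#!/bin/sh
# plan_restrict DIR ALLOWED...  (hypothetical helper) lists every regular file
# in DIR that "others" may execute, one per line: "keep PATH" or "strip PATH".
plan_restrict() {
    dir=$1; shift
    find "$dir" -maxdepth 1 -type f -perm -001 | sort | while IFS= read -r f; do
        verdict=strip
        for name in "$@"; do
            if [ "$(basename "$f")" = "$name" ]; then verdict=keep; fi
        done
        printf '%s %s\n' "$verdict" "$f"
    done
}

# apply_restrict DIR ALLOWED...  removes others-execute from every "strip" file.
# Owner and group bits are untouched, so daemons placed in the owning group
# can still run the commands, as the message points out.
apply_restrict() {
    plan_restrict "$@" | while read -r verdict f; do
        if [ "$verdict" = strip ]; then chmod o-x "$f"; fi
    done
}

# Constructed sandbox standing in for a bin directory; no real binary is touched.
sandbox=$(mktemp -d)
for cmd in ls cat passwd mount; do
    printf '#!/bin/sh\n' > "$sandbox/$cmd"
    chmod 755 "$sandbox/$cmd"
done
plan_restrict "$sandbox" ls cat     # review what would change first
apply_restrict "$sandbox" ls cat    # then change the modes
ls -l "$sandbox"                    # passwd and mount now show rwxr-xr--
rm -rf "$sandbox"
```

Reviewing the `plan_restrict` output before applying shows how many programs the change touches, which is where the breakage risk mentioned in the message comes from.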