Re: Restricting User Rights massively




On Tue, 2008-07-29 at 13:05 +0200, Dirk H. Schulz wrote:
> Hi folks,
> 
> is it possible to restrict the rights of a user to only do few, defined 
> actions, e.g. only look up cpu and memory usage, but not walk around in the 
> file system, not see any other hardware details, run any binaries/scripts? 
> I know several different techniques to achieve parts of this (like 
> chrooting him), but is there one technique to get it all?

"Man bash". /-r and /RESTRICTED SHELL

It'll take a little setup to custom-tailor it. Permissions, PATH and a
user or group specific bin directory (new one, not one of the standards)
in their PATH. Some copy/symlink (careful with that) of existing
executables may be useful.

Be careful with scripts made available. There is a caveat that
restrictions are removed when a script is being processed.

Carefully constructed .bashrc, .bash_profile.

IMO, this is easier to set up than SELinux, *may* meet all your needs and
will not be affected by upgrades.

> 
> Dirk
> <snip sig stuff>

HTH
-- 
BILL

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
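
The setup the reply describes (restricted bash, a private bin directory, a pinned PATH), as an added example that is not part of the original message. The function names and the staging directory are hypothetical, and it assumes bash is installed.

```shell
#!/bin/bash
# Added example: stage a restricted-bash home directory.
# build_restricted_home and try_restricted are hypothetical names.
# The real account also needs a restricted bash as its login shell.

# build_restricted_home DIR CMD...
# Creates DIR/bin holding symlinks to only the named commands, plus a
# .bash_profile that pins PATH to that directory.
build_restricted_home() {
    local home=$1 cmd target
    shift
    mkdir -p "$home/bin" || return 1
    for cmd in "$@"; do
        # Resolve to an absolute path now; refuse builtins and unknowns.
        target=$(command -v "$cmd") || { echo "missing: $cmd" >&2; return 1; }
        case $target in
            /*) ;;
            *) echo "not an executable file: $cmd" >&2; return 1 ;;
        esac
        ln -sfn "$target" "$home/bin/$cmd"
    done
    # Startup file: PATH contains only the private bin directory.
    printf 'PATH=%s/bin\nexport PATH\nreadonly PATH\n' "$home" \
        > "$home/.bash_profile"
    # Read-only profile and bin. In a real deployment both are owned by
    # root so the user cannot chmod them back.
    chmod 444 "$home/.bash_profile"
    chmod 555 "$home/bin"
}

# try_restricted DIR 'command string'
# Runs the string under "bash -r" with an empty environment and the
# pinned PATH, and returns the shell's exit status. Use it to confirm
# what the user can and cannot do before handing out the account.
try_restricted() {
    local home=$1 bash_bin
    bash_bin=$(command -v bash) || return 127
    env -i HOME="$home" PATH="$home/bin" "$bash_bin" -r -c "$2" 2>/dev/null
}

# Typical use (constructed path):
#   build_restricted_home /srv/rhome/monitor free uptime
#   try_restricted /srv/rhome/monitor 'cd /'   # non-zero: cd is restricted
```

Anything linked into the bin directory should be a binary rather than a shell script, given the caveat in the reply that restrictions are lifted while a script is processed.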
