On Jan 12, 2004, at 9:52 PM, Jefferson San Juan wrote:
How do I restrict normal users from executing their own compiled executable
binary files?

Give them a "restricted shell" which limits the commands they can run to ones you specify. See "man zshall" for one example, although other restricted shells exist which might come closer to what you want than ZSH particularly:


RESTRICTED SHELL
When the basename of the command used to invoke zsh starts with the
letter `r' or the `-r' command line option is supplied at invocation,
the shell becomes restricted. Emulation mode is determined after
stripping the letter `r' from the invocation name. The following are
disabled in restricted mode:


o changing directories with the cd builtin

o changing or unsetting the PATH, path, MODULE_PATH, module_path,
SHELL, HISTFILE, HISTSIZE, GID, EGID, UID, EUID, USERNAME,
LD_LIBRARY_PATH, LD_AOUT_LIBRARY_PATH, LD_PRELOAD and
LD_AOUT_PRELOAD parameters


o specifying command names containing /

o specifying command pathnames using hash

o redirecting output to files

o using the exec builtin command to replace the shell with another
command


o using jobs -Z to overwrite the shell process' argument and envi-
ronment space


o using the ARGV0 parameter to override argv[0] for external com-
mands


o turning off restricted mode with set +r or unsetopt RESTRICTED

--
-Chuck

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to