On Mon, Nov 5, 2012 at 2:56 PM, Arun Khan <[email protected]> wrote:
> On Mon, Nov 5, 2012 at 2:01 PM, Karthikeyan Venkatraman
> <[email protected]> wrote:
> >
> > On Sun, Nov 4, 2012 at 12:50 PM, ravi jaya <[email protected]> wrote:
> >
> > > Hello everybody,
> > >
> > > I am trying to learn how I could restrict users from running
> > > specific commands, like rm or rmdir or anything else in this case.
> > >
> > > On the other hand, I am trying to look into rbash, the restricted
> > > shell, to see whether it can do anything good for this requirement.
> > >
> >
> >
> > In Ubuntu, edit the sudoers file in the /etc folder; there you will come
> > across "allow members of group sudo to execute any command". There you
> > insert a new text
> > "username ALL=(ALL) NOPASSWD: command path to execute like /sbin/shutdown
> > etc..".
> >
> > Also make sure the user has standard account privileges.
>
> I would add one more thing - create a group, restrict this group to
> the set of commands. Make it the primary group for all users under
> such restriction.
>
>
Hi Ravi,

Go through the steps below.

1. Create the restricted shell:

    cp /bin/bash /bin/rbash

2. Set the restricted shell as the target user's shell.

   For a new user:

    useradd -s /bin/rbash localuser

   For an existing user:

    usermod -s /bin/rbash localuser

3. Create a directory under /home/localuser, e.g. programs:

    mkdir /home/localuser/programs

4. Now if you check, the user localuser can access all commands which
   he/she is allowed to execute. These commands are taken from the
   PATH environment variable, which is set in
   /home/localuser/.bash_profile. Modify it as follows.

    # cat /home/localuser/.bash_profile
    # .bash_profile
    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi
    # User specific environment and startup programs
    PATH=$HOME/programs
    export PATH

   Here the PATH variable is set to the ~/programs directory; as
   /usr/local/bin is bound to /home/username/bin and /bin is bound to
   /home/username/bin, we are replacing that.

5. Now, after logging in with the username localuser, the user can't run
   even a simple command. The output will be like this,

6. Now create soft links to the commands which the user localuser is
   required to execute, in the directory /home/localuser/programs:

    ln -s /bin/date /home/localuser/programs/
    ln -s /bin/ls /home/localuser/programs/

   Now the user can execute only the date and ls commands. Likewise, you
   can add the commands you want.
--
With Regards,
RK,
+91 9840483044
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
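
The layout in the steps above only holds if the restricted user cannot alter .bash_profile or the programs directory, because bash reads its startup files before the restrictions take effect. The audit script below is an added example, not part of the original thread; the function name audit_restricted_home and the list of shell names it flags are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the layout built above.
# Usage: audit_restricted_home HOME_DIR USER -> prints findings, returns 1 if any.
audit_restricted_home() {
    user=$2 dir=$1/programs profile=$1/.bash_profile bad=0
    finding() { echo "FINDING: $*"; bad=1; }
    # True when $user owns the path or group/others have write permission on it.
    user_can_change() {
        [ -n "$(find "$1" -prune -user "$user" 2>/dev/null)$(find "$1" -prune \( -perm -0020 -o -perm -0002 \))" ]
    }
    # bash reads startup files before it applies the restrictions, so the
    # profile and the command directory must be out of the user's control.
    if [ ! -f "$profile" ]; then
        finding "$profile is missing"
    else
        [ "$(grep 'PATH=' "$profile")" = 'PATH=$HOME/programs' ] ||
            finding "$profile must contain PATH=\$HOME/programs as its only PATH= line"
        ! user_can_change "$profile" || finding "$user can modify $profile"
    fi
    if [ ! -d "$dir" ]; then
        finding "$dir is missing"
        return 1
    fi
    ! user_can_change "$dir" || finding "$user can add commands to $dir"
    # Every entry should be a symlink to an existing executable, and none
    # should lead to a shell: an unrestricted shell on PATH undoes the setup.
    for link in "$dir"/*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # empty directory
        name=$(basename "$link")
        target=$(readlink "$link" || echo "$link")     # immediate target only
        if [ ! -L "$link" ]; then
            finding "$name is not a symlink"
        elif [ ! -x "$link" ]; then
            finding "$name points to a missing or non-executable target"
        fi
        case ${target##*/} in
            sh|bash|dash|ksh|zsh|csh|tcsh) finding "$name resolves to a shell" ;;
        esac
    done
    return "$bad"
}

# Run against a real account when called as: script /home/localuser localuser
if [ "$#" -eq 2 ]; then audit_restricted_home "$1" "$2"; fi
```

The ownership check assumes .bash_profile and the programs directory are meant to belong to root, as they would if the commands in the steps were run as root.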