Dhruv Gami wrote:
| Hello Everyone,
|
| I am trying to set up an account for a user, who is to be given limited
| access. For example, this user should be able to run things like reboot,
| useradd, ifconfig, tail, emacs (or vi) ... essentially a list of
| programs that I specify, and only those programs.
|

Whups. Be *very* careful with restricted shells. Many programs allow the user to execute external programs (editors like vi and emacs, for example)[1]. There are many different ways to get around a restricted shell, or sudo. If you absolutely have to do this, spend lots of time making sure it really is restricted.

(Of course, if this user is allowed to run useradd, they could just create a new unrestricted user, and not bother fumbling about with rbash, rvim, etc ;])

[1] rvim is a restricted version of vim, that won't allow the user to execute shell commands. I'm sure there is an equivalent for emacs, though I've never actually heard of it (hey, it has everything else ;])
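
The concern raised in the reply above, shown as a sudoers fragment that puts the requested command list beside a tighter one. This is an added example, not part of the original message; the user name `limited`, the file paths and the choice of `/etc/hosts` and `/var/log/messages` are assumptions.

```sudoers
# Constructed example. "limited" is a hypothetical user; paths vary by system.

# Weak: the list as requested. The editor and useradd both run as root,
# so the list does not actually limit the user.
#   limited ALL = (root) /sbin/reboot, /usr/sbin/useradd, /sbin/ifconfig, /usr/bin/tail, /usr/bin/vi

# Tighter:
#  - useradd is dropped: it can create an account with no restrictions at all.
#  - vi as root is replaced by sudoedit on one named file. The editor then runs
#    as the invoking user on a temporary copy, so anything started from inside
#    the editor does not run as root.
#  - tail is pinned to one file with fixed arguments and tagged NOEXEC, which
#    stops a dynamically linked program from executing other programs.
Cmnd_Alias LIMITED_ADMIN = /sbin/reboot, /sbin/ifconfig

limited ALL = (root) LIMITED_ADMIN, sudoedit /etc/hosts, \
                     NOEXEC: /usr/bin/tail /var/log/messages
```

Check the file with `visudo -c -f <file>` before installing it. NOEXEC has no effect on statically linked binaries, so every entry still needs reviewing on its own.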
