> Hello all, > > Is there an easy way to limit the commands a certain group of users > can execute? I've looked at chroot, and it's too complicated for my > needs and seems too easy to circumvent; users will be able to upload > their own Perl scripts, so it seems that they'll be able to access > commands outside their chroot by getting Apache w/ mod_perl to execute > the script. > > I'd like to be able to compile a list of commands/programs that users > in a certain group will be able to execute (ex. cp, mv, rm, etc). > However, I'd also be happy to compile a list of commands users > shouldn't be able to execute.
>In regards to the latter method, would it be possible for me to change the >group ownership of the commands I don't want users to have access to and >revoke execute permission from that group? Yes, you can make something like that: addgroup(access), then change groupname of commands that you want with that group (access), remember to remove "execute/search by others" from commands that are with group(access), also don't forget to add group(access) to every user that you want to have access to this commands. > > Thanks, > Stephen Le > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -------------------------------------------------------------- SELLINET Internet Services Provider - http://www.sellinet.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]