Greetings,

* Osamu Aoki <[EMAIL PROTECTED]> [2004-Nov-05 14:13 AKST]:
> On Fri, Nov 05, 2004 at 09:31:21AM -0800, Stephen Le wrote:
> > Is there an easy way to limit the commands a certain group of users
> > can execute?
>
> I've never done this but..
>
> Use of chroot with bash started as rbash seems to be what you need.
>
> Or use of rbash with PATH pointing to custom location where
> commands exist.

This is what I've done when I wanted to reduce the set of commands a
user could run.  I'm sure a reasonably competent Unix user could easily
circumvent these restrictions, but it's a good first start, and making
such attempts would result in account suspension.

Change their shell to /bin/rbash in /etc/passwd:

    bbonds:x:50539:50539:Barry Bonds,,,:/home/bbonds:/bin/rbash

Change the ownership and permissions on their .bash_profile and .bashrc
to root:root 644:

    -rw-r--r--  1 root root 420 Sep 21 13:05 .bash_profile
    -rw-r--r--  1 root root 746 Sep 21 13:05 .bashrc

Modify the PATH in whichever file you wish to a PATH that only includes
the commands you wish:

    export PATH="/usr/local/rbin"

Make symbolic links between allowed commands and '/usr/local/rbin'

As I said before, this is just a simple attempt to reduce privilege.
There are undoubtedly ways around it, some easier than others depending
on what's in /usr/local/rbin.

Chris

-- 
Christopher S. Swingley          email: [EMAIL PROTECTED] (work)
Intl. Arctic Research Center            [EMAIL PROTECTED] (personal)
University of Alaska Fairbanks   www.frontier.iarc.uaf.edu/~cswingle/
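
A check for the four steps described in the message above, as an added example that is not part of the original post. The function name `audit_rbash` and its optional owner argument are assumptions made for illustration; the account, shell and paths in the usage comment come from the message.

```shell
#!/bin/sh
# Added example (not from the original post): audit an account against the
# four steps in the message above.
# Usage: audit_rbash PASSWD_FILE USER RBIN_DIR [OWNER]
#   e.g. audit_rbash /etc/passwd bbonds /usr/local/rbin
# OWNER defaults to root; it is a parameter (an assumption of this example)
# so the check can be tried on a scratch copy without root.
# Prints one line per finding and returns 1 if there is any.
audit_rbash() {
    passwd_file=$1; user=$2; rbin=$3; owner=${4:-root}; rc=0

    entry=$(grep "^${user}:" "$passwd_file") || {
        echo "FAIL: no entry for $user in $passwd_file"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # Step 1: the login shell is the restricted shell.
    [ "$shell" = /bin/rbash ] || { echo "FAIL: shell is '$shell'"; rc=1; }

    # Step 2: startup files are regular files, owned by OWNER, mode exactly 644.
    for f in .bash_profile .bashrc; do
        if [ -z "$(find "$home/$f" -prune -type f -user "$owner" -perm 644 2>/dev/null)" ]; then
            echo "FAIL: $home/$f is not a regular file owned by $owner with mode 644"; rc=1
        fi
    done

    # Step 3: one of the startup files sets PATH to exactly RBIN_DIR.
    grep -qxF "export PATH=\"$rbin\"" "$home/.bash_profile" "$home/.bashrc" 2>/dev/null ||
        { echo "FAIL: no 'export PATH=\"$rbin\"' line in the startup files"; rc=1; }

    # Step 4: RBIN_DIR holds only symlinks that resolve to executables
    # (hidden entries included).
    for c in "$rbin"/* "$rbin"/.[!.]*; do
        [ -e "$c" ] || [ -L "$c" ] || continue   # glob matched nothing
        if [ ! -L "$c" ]; then
            echo "FAIL: $c is not a symlink"; rc=1
        elif [ ! -x "$c" ]; then
            echo "FAIL: $c is dangling or not executable"; rc=1
        fi
    done
    return $rc
}
```

Run it as root against the live files after any change to the account or to /usr/local/rbin; every entry it lists in the restricted directory is a command the user can run.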