You could change the ownership to root (or any other user he does
nothave access to) and remove group and world execution bits. Or, you
could write a simple shell script wrapper that checks the UID and if it
is the target, exit from the script with a nifty message.
Rename the file to something else, say file.bin, and then call the
script file, so the user will still try and execute 'file', but it
really is the wrapper script checking for UID's.
My bash is a nit rusty but it would look something like this:
#!/bin/bash
PROG="/full/path/to/program.bin"
LUZER="<uid of the target user>" # example: LUZER="0" <--- this
would be root
if [ "$UID" != "$LUZER" ]; then
$PROG
else
echo "You are permitted from running this program."
exit 1;
fi
exit 0;
You could get more elaborate with logging and etc... But this will work
on a rudimentary level. However, the user must not own or have write
perms on the program or the file.
For example, you want to prevent one user from running 'top' without
using a cludge of new groups and file perms.
mv /bin/top /bin/top.bin
Then save the above script as /bin/top. It will be transparent to all
users except the target UID. One gotcha to look out for is that any
files installed via rpm will break the dependency. You will always have
to remember to move the file back when performing rpm transactions
involving that package.
Hope this helps,
CC
-----Original Message-----
From: Reuben D. Budiardja [mailto:reubendb@;innovativethought.com]
Sent: Thursday, October 31, 2002 7:35 AM
To: [EMAIL PROTECTED]
Subject: How to ban someone from running a program
Hi all,
I am managing a machine that was used by several people. One of the
users
often time run a program (written in fortran) that takes huge CPU and
Memory
that make the machine very un-responsive. So, the basic question is, how
do I
prevent him to run that program without revoking his user account? and
yes, I
emailed him several times to notify this. But either he does not read
the
e-mail or he doesn't care.
RDB
--
-------------------------------------------------
/"\ ASCII Ribbon Campaign against HTML
\ / email and proprietary format
X attachments.
/ \
-------------------------------------------------
Have you been used by Microsoft today?
Choose your life. Choose freedom.
Choose LINUX.
-------------------------------------------------
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
----------
This message contains confidential information and is intended only for
the individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses. The sender therefore does not accept liability for any
errors or omissions in the contents of this message, which arise as a
result of e-mail transmission. If verification is required please
request a hard-copy version.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
