Re: [Ilugc] how to restrict the users, from running some specific commands.

[ravi jaya]

>
>
>I Have a idea ,create alias(rename) for the commands whatever you want.
>
> after that   ???

-- 
Ravi Jaya

Mob: 97909 16181
Site: www.ravijaya.info
___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

Re: [Ilugc] how to restrict the users, from running some specific commands.

[rmariya sagaya asirvatham]

On Mon, Nov 5, 2012 at 5:39 PM, ravi jaya  wrote:

> I am trying to learn, how could I  restrict  the users, from  running the
> >  specific commands. like rm or rmdir or anything else in this case.
> >
>
> Thanks for your comments,
>
> ACL helped me out.  Removed the specific commands rwx permission  for the
> user. That's it problem solved.,
>
> Eg: User 'ravi' should not be allowed to run rm command in his default
> shell
>
> setfacl -m u:ravi:--- /bin/rm
>
>
>
>
>
> --
> Ravi Jaya
>
> Mob: 97909 16181
> Site: www.ravijaya.info
> ___
> ILUGC Mailing List:
> http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
>



   I Have a idea ,create alias(rename) for the commands whatever you want.
___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

Re: [Ilugc] how to restrict the users, from running some specific commands.

[ravi jaya]

I am trying to learn, how could I  restrict  the users, from  running the
>  specific commands. like rm or rmdir or anything else in this case.
>

Thanks for your comments,

ACL helped me out.  Removed the specific commands rwx permission  for the
user. That's it problem solved.,

Eg: User 'ravi' should not be allowed to run rm command in his default
shell

setfacl -m u:ravi:--- /bin/rm





-- 
Ravi Jaya

Mob: 97909 16181
Site: www.ravijaya.info
___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

Re: [Ilugc] how to restrict the users, from running some specific commands.

[RK RK]

On Mon, Nov 5, 2012 at 2:56 PM, Arun Khan  wrote:

> On Mon, Nov 5, 2012 at 2:01 PM, Karthikeyan Venkatraman
>  wrote:
> >
> > On Sun, Nov 4, 2012 at 12:50 PM, ravi jaya 
> wrote:
> >
> > > Hello everybody,
> > >
> > > I am trying to learn, how could I  restrict  the users, from  running
> the
> > >  specific commands. like rm or rmdir or anything else in this case.
> > >
> > > On the other hand I am trying to look into rbash the restricted
> > > shell, whether, any thing good it  can do for this requirement
> > >
> > >
> > >
> >
> >
> > In Ubuntu edit the sudoers file in /etc folder, you can come across allow
> > members of group sudo to execute any command. There you insert a new text
> > "username ALL=(ALL) NOPASSWD: command path to execute like /sbin/shutdown
> > etc..".
> >
> > Also make sure the user is in standard account privilege.
>
> I would add one more thing - create a group, restrict this group to
> the set of commands.  Make it the primary group for all users under
> such restriction.
>
>

Hi Ravi,

Go through the below steps,


1. Create the restricted shell

cp /bin/bash /bin/rbash


2. Modify the target user for the shell as restricted shell

for new user
useradd -s /bin/rbash localuser
for existing user
usermod -s /bin/rbash localuser


3. Create a directory under /home/localuser, e.g. programs

mkdir /home/localuser/programs

4. Now if you check, the user localuser can access all commands which
he/she has allowed to execute. These commands are taken from the
environmental PATH variable which is set in
/home/localuser/.bash_profileModify it as follows.

# cat /home/localuser/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
PATH=$HOME/programs
export PATH
Here the PATH variable is set to ~/programs directory, as /usr/local/bin is
binded to /home/username/bin and /bin is binded to /home/username/bin so
replacing that


5. Now after logging with the username localuser, user cant run a simple
command too. The output will be like this,

6. Now create the softlinks of commands which are required for user
localuser to execute in the directory /home/localuser/programs

ln -s /bin/date /home/localuser/programs/
ln -s /bin/ls /home/localuser/programs/

now user can execute only date and ls command. likewise you add the
commands you want



-- 

With Regards,
RK,
+91 9840483044
___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

Re: [Ilugc] how to restrict the users, from running some specific commands.

[Arun Khan]

On Mon, Nov 5, 2012 at 2:01 PM, Karthikeyan Venkatraman
 wrote:
>
> On Sun, Nov 4, 2012 at 12:50 PM, ravi jaya  wrote:
>
> > Hello everybody,
> >
> > I am trying to learn, how could I  restrict  the users, from  running the
> >  specific commands. like rm or rmdir or anything else in this case.
> >
> > On the other hand I am trying to look into rbash the restricted
> > shell, whether, any thing good it  can do for this requirement
> >
> >
> >
>
>
> In Ubuntu edit the sudoers file in /etc folder, you can come across allow
> members of group sudo to execute any command. There you insert a new text
> "username ALL=(ALL) NOPASSWD: command path to execute like /sbin/shutdown
> etc..".
>
> Also make sure the user is in standard account privilege.

I would add one more thing - create a group, restrict this group to
the set of commands.  Make it the primary group for all users under
such restriction.

-- Arun Khan
___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

Re: [Ilugc] how to restrict the users, from running some specific commands.

[Karthikeyan Venkatraman]

On Sun, Nov 4, 2012 at 12:50 PM, ravi jaya  wrote:

> Hello everybody,
>
> I am trying to learn, how could I  restrict  the users, from  running the
>  specific commands. like rm or rmdir or anything else in this case.
>
> On the other hand I am trying to look into rbash the restricted
> shell, whether, any thing good it  can do for this requirement
>
>
> Thank you.
>
> --
> Ravi Jaya
>
> Mob: 97909 16181
> Site: www.ravijaya.info
> ___
> ILUGC Mailing List:
> http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
>


In Ubuntu edit the sudoers file in /etc folder, you can come across allow
members of group sudo to execute any command. There you insert a new text
"username ALL=(ALL) NOPASSWD: command path to execute like /sbin/shutdown
etc..".

Also make sure the user is in standard account privilege.

-- 
Thanks,
V. Karthick



___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

Re: [Ilugc] how to restrict the users, from running some specific commands.

[Thyagarajan தியாகராஜன்]

Hi,

I am trying to learn, how could I  restrict  the users, from  running the
>  specific commands. like rm or rmdir or anything else in this case.
>
> On the other hand I am trying to look into rbash the restricted
> shell, whether, any thing good it  can do for this requirement
>
> have a look at http://lshell.ghantoos.org/

HTH,
Thyagarajan Shanmugham
___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

[Ilugc] how to restrict the users, from running some specific commands.

[ravi jaya]

Hello everybody,

I am trying to learn, how could I  restrict  the users, from  running the
 specific commands. like rm or rmdir or anything else in this case.

On the other hand I am trying to look into rbash the restricted
shell, whether, any thing good it  can do for this requirement


Thank you.

-- 
Ravi Jaya

Mob: 97909 16181
Site: www.ravijaya.info
___
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc