LinuxQuestions.org - restriction on commands

You could change the execute permissions on rm (preventing anyone other than root from executing the command) however this would probably cause lots of issues elsewhere.

You could write your own front-end to the rm command, performing some basic checks before allowing the command to be run.

EDIT:- Sample front-end:

Code:

#!/bin/bash

###

### Front-end to rm

###

### This must be located in a path before /bin in the $PATH environment variable.

###

### Limitations: only checks two parameters

###



if [ $# -gt 1 ]

then

  # more than 1 parameter passed to rm.

  # check for -rf or -fr

  if [ "$1" == '-rf' -o "$1" == '-fr' ]

  then

      echo "You are in directory $(pwd)"

      echo "about to recursively remove $2"

      read -p "Do you want to continue? " ans



      case $ans in



        [Yy]|[Yy][Ee][Ss]) /bin/rm $1 $2;;



        *) echo "Exiting..."

            exit 1;;



      esac



  else

      # Test $1 to ensure it is a valid file

      if [ -f $1 ]

      then

        /bin/rm $1

      fi



      # Test $2 to ensure it is a valid file

      if [ -f $2 ]

      then

        /bin/rm $2

      fi

  fi

else

  # Only 1 parameter assume file

  if [ -f $1 ]

  then

      /bin/rm $1

  else

      echo "Error $1 was not a file"

      exit 2

  fi

fi

This file should be called rm owned by root with rwxr-xr-x permissions. It should also be in a folder that only root has write permissions to!

vi /usr/local/bin/rm

chown root:root /usr/local/bin/rm
chmod 755 /usr/local/bin/rm
chown root:root /usr/local/bin
chmod 755 /usr/local/bin

ensure that /usr/local/bin is before /bin in the $PATH environment variable.

export PATH=/usr/local/bin:$PATH