LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 04-14-2009, 01:53 AM   #1
hihiren
LQ Newbie
 
Registered: Apr 2009
Posts: 1

Rep: Reputation: 0
restriction on commands


I am using Ubuntu linux.

Do we have any mechanism in linux where we can restrict user for giving any commands?
E.g. I have one folder named <home>/myCode
Now I want to make sure that any user including me, is not able to user "rm -rf *" on this folder.

Can we do this?

Any help would be really grateful.

Regards,
Kumar
 
Old 04-14-2009, 02:00 AM   #2
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
You could change the execute permissions on rm (preventing anyone other than root from executing the command) however this would probably cause lots of issues elsewhere.

You could write your own front-end to the rm command, performing some basic checks before allowing the command to be run.

EDIT:- Sample front-end:

Code:
#!/bin/bash
###
### Front-end to rm
###
### This must be located in a path before /bin in the $PATH environment variable.
###
### Limitations: only checks two parameters
###

if [ $# -gt 1 ]
then
   # more than 1 parameter passed to rm.
   # check for -rf or -fr
   if [ "$1" == '-rf' -o "$1" == '-fr' ]
   then
      echo "You are in directory $(pwd)"
      echo "about to recursively remove $2"
      read -p "Do you want to continue? " ans

      case $ans in

         [Yy]|[Yy][Ee][Ss]) /bin/rm $1 $2;;

         *) echo "Exiting..."
            exit 1;;

      esac

   else
      # Test $1 to ensure it is a valid file
      if [ -f $1 ]
      then
         /bin/rm $1
      fi

      # Test $2 to ensure it is a valid file
      if [ -f $2 ]
      then
         /bin/rm $2
      fi
   fi
else
   # Only 1 parameter assume file
   if [ -f $1 ]
   then
      /bin/rm $1
   else
      echo "Error $1 was not a file"
      exit 2
   fi
fi
This file should be called rm owned by root with rwxr-xr-x permissions. It should also be in a folder that only root has write permissions to!

vi /usr/local/bin/rm

chown root:root /usr/local/bin/rm
chmod 755 /usr/local/bin/rm
chown root:root /usr/local/bin
chmod 755 /usr/local/bin

ensure that /usr/local/bin is before /bin in the $PATH environment variable.

export PATH=/usr/local/bin:$PATH

Last edited by Disillusionist; 04-14-2009 at 02:48 AM.
 
Old 04-14-2009, 07:34 AM   #3
cyprinidae
Member
 
Registered: Oct 2008
Distribution: Fedora, CentOS, Crunchbang
Posts: 46

Rep: Reputation: 16
Have you thought about 'chattr'?
Code:
chattr +i filename
prevents deletion or any other kind of change to a file, so might be not much usefull, but
Code:
chattr +a filename
for example, prevents deletion, but allows appending to a file, so you can be sure nobody can delete it...
 
  


Reply

Tags
command


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help for Windows cmd commands into Linux terminal commands. windowsNilo Linux - Software 2 07-02-2008 07:26 PM
Need help for Windows cmd commands into Linux terminal commands. windowsNilo Linux - General 2 07-01-2008 07:53 AM
5posts restriction mfred LQ Suggestions & Feedback 6 12-31-2005 12:37 PM
FTP Restriction Jason_25 Linux - Networking 2 12-02-2001 05:14 AM
ip restriction ggramajo Linux - Networking 0 11-30-2001 08:03 AM


All times are GMT -5. The time now is 04:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration