LinuxQuestions.org
Old 05-27-2005, 02:01 AM   #1
bharaniks
Member
 
Registered: May 2005
Distribution: Red Hat Linux
Posts: 36

Rep: Reputation: 15
Secured Login


Hi,

How can I make a secure login where none of the Linux commands should
work except the two scripts /usr/bin/SCRIPT1 and SCRIPT2?

Once the user logs in, he should not be able to access any of the Linux commands
or commands used at the command prompt, or even view them.

Please help me get this done :-)
 
Old 05-27-2005, 03:06 AM   #2
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460

Rep: Reputation: 47
Is this a specific user who can only use those two commands, or any normal user who's logged in securely?

If the former, it's dead easy: Create a new group, called "secure" or some such.

Transfer ownership of the two scripts to the group "secure".

Then create a new user, and only allow him to access files owned by the "secure" group.

Simple as that, you have a user who can only execute the desired two commands.
 
Old 05-27-2005, 04:47 AM   #3
bharaniks
Member
 
Registered: May 2005
Distribution: Red Hat Linux
Posts: 36

Original Poster
Rep: Reputation: 15
Hi oneandoneis2,

Thanks for your post.

Now, if I set up the scenario as mentioned, the user can execute the two files, and that's fine.

But those scripts contain passwords, which should be confidential and should not be viewed
by that particular user; he should have execute permission alone for the two files.
Even then, the specified user can use the default editors and viewers.

Now, if we block all the commands, then the user can execute only the two scripts.
For example, blocking all the editors, viewers, etc. used in Linux.

Or, I had written a script in the user's .bashrc file in which the user can do all the processing in a loop.
But if the user presses Ctrl+C, he returns to the prompt. Is there any option to solve this
by preventing the user from reaching the CLI prompt? Once the user presses Ctrl+C, the telnet console
should be closed.

If there are any options, please let me know.
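
The Ctrl+C problem described in this post, sketched as an added example that is not part of the thread: a fixed two-item menu that ends the session on Ctrl+C instead of returning to a prompt. The SCRIPT1 and SCRIPT2 paths come from the thread; the function names, the `--run` flag and the idea of starting it with `exec` as the only line of the user's .bashrc are assumptions.

```sh
#!/bin/sh
# Added example: restricted two-item menu (hypothetical names throughout,
# except the SCRIPT1/SCRIPT2 paths, which are the ones given in the thread).

SCRIPT_DIR=${SCRIPT_DIR:-/usr/bin}

# Map a menu choice to an allow-listed path; anything else is rejected.
# The user's input is never evaluated by a shell or used as a path.
resolve_choice() {
    case "$1" in
        1) printf '%s\n' "$SCRIPT_DIR/SCRIPT1" ;;
        2) printf '%s\n' "$SCRIPT_DIR/SCRIPT2" ;;
        *) return 1 ;;
    esac
}

restricted_menu() {
    # Ctrl+C (INT) ends the menu rather than dropping to a prompt; when the
    # menu was started with "exec", that also ends the login session.
    trap 'exit 1' INT HUP TERM
    # Ctrl+Z and Ctrl+\ are ignored, here and in the scripts we launch.
    trap '' TSTP QUIT
    # Fixed PATH so the launched scripts do not depend on the user's PATH.
    PATH=/usr/bin:/bin; export PATH
    while :; do
        printf '1) SCRIPT1  2) SCRIPT2  q) logout\n> '
        IFS= read -r choice || exit 0      # EOF (Ctrl+D) logs out
        [ "$choice" = q ] && exit 0
        if target=$(resolve_choice "$choice"); then
            "$target"
        else
            echo "invalid choice"
        fi
    done
}

# Assumed invocation: exec /path/to/this-menu --run
if [ "${1:-}" = "--run" ]; then
    restricted_menu
fi
```

Because the menu replaces the shell when started with `exec`, every exit path (Ctrl+C, Ctrl+D, `q`) closes the session; file permissions on the two scripts are a separate question that the menu does not change.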
 
Old 05-27-2005, 07:49 AM   #4
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460

Rep: Reputation: 47
Quote:
But those scripts contain passwords, which should be confidential and should not be viewed by that particular user; he should have execute permission alone for the two files.
Even then, the specified user can use the default editors and viewers.
Uh.. no. The user will NOT be able to view the file contents, as he won't have permission to use any of the text editors. He wouldn't be able to cat, grep, vim, nano, emacs, more, less, or anything else. He will be able to execute the files, nothing else.

That's the whole point of only giving him access to the "secure" group's files. Unless your permissions for your executables are screwy (i.e. world-executable), he should be unable to use them.

You could also set the script permissions to --x, which would prevent him from reading the files even if he DID manage to find a way to use a text editor.
 
Old 05-30-2005, 12:30 AM   #5
bharaniks
Member
 
Registered: May 2005
Distribution: Red Hat Linux
Posts: 36

Original Poster
Rep: Reputation: 15
Hi Oneandoneis2,

Nice to see your reply, but if I create a new group, say with the name "secure",
the files @ /usr/bin/* will all have a third permission "rwx-rwx-r-x".

If you create a new group named "secure", then it will be treated
under the third set of permissions, "READ" and "EXECUTE", so even the user in group
"secure" can use the files, as they all have read and execute permission for "OTHERS".

So changing the files @ path /usr/bin/* to "rwx-rwx---x" is impossible, as some system calls will
be in these files, am I correct? And also, for your kind info, if you change the permission of a file
to execute alone, then it cannot be executed, as the file should be readable for execution.

Are there any other options? If so, kindly send them to me :-) Once again, thank you for the initiative taken.
 
All times are GMT -5.