Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
See now if i make a scenario as mentioned, the user can execute the two files, that's fine.
But that scripts contains passwords which should be confidential and should not be viewed
by the particular user, where he should have a execute permission alone for the two files.
Then also the specified user can use the default editors and viewers.
Now if we block all the commands then the user can alone execute both the scripts.
Example blocking of all the editors, viewers etc., used in Linux.
Or i had witten a script on the users .bashrc file in which the user can do all the process in a loop.
But if the user presses Ctrl+C then he can return to the prompt, Is there any option to solve this
by restricting the user to come to CLI prompt. Once the user press Ctrl+C then the telnet console
should be closed.
But that scripts contains passwords which should be confidential and should not be viewed by the particular user, where he should have a execute permission alone for the two files.
Then also the specified user can use the default editors and viewers.
Uh.. no. The user will NOT be able to view the file contents, as he won't have permission to use any of the text editors. He wouldn't be able to cat, grep, vim, nano, emacs, more, less, or anything else. He will be able to execute the files, nothing else.
That's the whole point of only giving him access to the "secure" group's files. Unless your permissions for your executables are screwy (i.e. world-executable), he should be unable to use them.
You could also set the script permissions to --x, which would prevent him from reading the files even if he DID manage to find a way to use a text editor.
Nice to see your reply, but if i'm creating a new group say in the name "secure"
the files @ /usr/bin/* will all be having a third permission "rwx-rwx-r-x".
Where in this if you create a new group named "secure" then it will be considered
as the third permissions such as "READ" and "EXECUTE" where even the user at group
"secure" can use the files as they all have a read and execute permission of "OTHERS"
So changing the files @ path /usr/bin/* to "rwx-rwx---x" is impossible as some system calls will
be in these files, am i correct. And also for your kind info if you change the permission of a file
to execute alone then it cannot be executed as the file should be readable for execution.
Is there any other options ? if so kindly send it to me :-) Once again Thank you for Intiative taken.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.