allow users to run specified commands only

asanka · 05-24-2011, 06:39 AM

Hi,

I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?

Thanks
Asanka

EricTRA · 05-24-2011, 06:55 AM

Hello Asanka,

Have a look at the man page for the sudo command and sudoers file:

Code:

man sudo
man sudoers

That should get you started. Through Google you can also find a lot of good documentation on the subject, for example here.

Kind regards,

Eric

the dsc · 05-24-2011, 09:41 AM

If what is really wanted isn't to give specific super user permissions to some users, but rather give some users a "lower rank" than "normal" users, would that also be a matter of "sudo" configurations? I think that it would require some complex configuration of the groups to which each user belongs, I guess. But I don't quite know how it works, and I suspect it can't be so much arbitrarily restrictive, like "user x can 'cat' and 'less' but can't 'grep'".

Reuti · 05-25-2011, 02:23 PM

As any user can install anything in his home or /tmp, it would also mean to mount at least these two file systems with the noexec option in /etc/fstab.

divyashree · 05-26-2011, 06:28 AM

Quote:

Originally Posted by asanka

Hi,

I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?

Thanks
Asanka

The concept is in /etc/sudoers you can define which user can use which command.
Then the user can use the command by

Quote:

sudo <command>

Now google about this for in details..

EricTRA · 05-26-2011, 06:33 AM

Quote:

Originally Posted by divyashree

The concept is in /etc/sudoers you can define which user can use which command.
Then the user can use the command by

Now google about this for in details..

Hi divyashree,

No offense but do you read what other users have posted in a thread before posting? This has already been pointed out to the OP.

Kind regards,

Eric

divyashree · 05-28-2011, 03:51 AM

Quote:

Originally Posted by EricTRA

Hi divyashree,

No offense but do you read what other users have posted in a thread before posting? This has already been pointed out to the OP.

Kind regards,

Eric

sorry guru...

karthik3152 · 05-29-2011, 01:29 PM

Quote:

Originally Posted by divyashree

sorry guru...

Hi team

To my knowledge this has to be done with /etc/sudoers
Here you can exactly restrict the users to run only particular commands

When the any of the user runs any commands for which he is not given permission ,error will throw stating PERMISSION DENIED.

Using this even the root can be restricted from running some commands.

I think this link may help you better

TB0ne · 05-29-2011, 04:06 PM

Quote:

Originally Posted by karthik3152

Hi team
To my knowledge this has to be done with /etc/sudoers
Here you can exactly restrict the users to run only particular commands

When the any of the user runs any commands for which he is not given permission ,error will throw stating PERMISSION DENIED.

Using this even the root can be restricted from running some commands.

I think this link may help you better

Karthick3152, did you read what EricTRA posted, and did you read the previous replies?? That has already been posted/suggested to the OP, and restated (again) by divyashree.

Turbocapitalist · 05-30-2011, 11:15 AM

You can restrict the users by setting their shell to rbash, then make a directory with links to the programs they are allowed to run and put that in the users' $PATH variable.