LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-24-2011, 06:39 AM   #1
asanka
LQ Newbie
 
Registered: Sep 2009
Location: Mount Lavinia, Colombo
Posts: 2

Rep: Reputation: 0
allow users to run specified commands only


Hi,

I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?

Thanks
Asanka
 
Old 05-24-2011, 06:55 AM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hello Asanka,

Have a look at the man page for the sudo command and sudoers file:
Code:
man sudo
man sudoers
That should get you started. Through Google you can also find a lot of good documentation on the subject, for example here.

Kind regards,

Eric
 
Old 05-24-2011, 09:41 AM   #3
the dsc
Member
 
Registered: May 2009
Distribution: Debian
Posts: 130
Blog Entries: 63

Rep: Reputation: 30
If what is really wanted isn't to give specific super user permissions to some users, but rather give some users a "lower rank" than "normal" users, would that also be a matter of "sudo" configurations? I think that it would require some complex configuration of the groups to which each user belongs, I guess. But I don't quite know how it works, and I suspect it can't be so much arbitrarily restrictive, like "user x can 'cat' and 'less' but can't 'grep'".
 
Old 05-25-2011, 02:23 PM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 11.4
Posts: 1,319

Rep: Reputation: 252Reputation: 252Reputation: 252
As any user can install anything in his home or /tmp, it would also mean to mount at least these two file systems with the noexec option in /etc/fstab.
 
Old 05-26-2011, 06:28 AM   #5
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,347

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by asanka View Post
Hi,

I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?

Thanks
Asanka
The concept is in /etc/sudoers you can define which user can use which command.
Then the user can use the command by
Quote:
sudo <command>
Now google about this for in details..

Last edited by divyashree; 05-26-2011 at 06:29 AM.
 
0 members found this post helpful.
Old 05-26-2011, 06:33 AM   #6
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Quote:
Originally Posted by divyashree View Post
The concept is in /etc/sudoers you can define which user can use which command.
Then the user can use the command by

Now google about this for in details..
Hi divyashree,

No offense but do you read what other users have posted in a thread before posting? This has already been pointed out to the OP.

Kind regards,

Eric
 
Old 05-28-2011, 03:51 AM   #7
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,347

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by EricTRA View Post
Hi divyashree,

No offense but do you read what other users have posted in a thread before posting? This has already been pointed out to the OP.

Kind regards,

Eric
sorry guru...
 
Old 05-29-2011, 01:29 PM   #8
karthik3152
LQ Newbie
 
Registered: May 2011
Posts: 10
Blog Entries: 3

Rep: Reputation: Disabled
Quote:
Originally Posted by divyashree View Post
sorry guru...
Hi team

To my knowledge this has to be done with /etc/sudoers
Here you can exactly restrict the users to run only particular commands

When the any of the user runs any commands for which he is not given permission ,error will throw stating PERMISSION DENIED.

Using this even the root can be restricted from running some commands.

I think this link may help you better

Last edited by unSpawn; 06-05-2011 at 09:32 AM. Reason: //Removed web log advertising link
 
0 members found this post helpful.
Old 05-29-2011, 04:06 PM   #9
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,136

Rep: Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456
Quote:
Originally Posted by karthik3152 View Post
Hi team
To my knowledge this has to be done with /etc/sudoers
Here you can exactly restrict the users to run only particular commands

When the any of the user runs any commands for which he is not given permission ,error will throw stating PERMISSION DENIED.

Using this even the root can be restricted from running some commands.

I think this link may help you better
Karthick3152, did you read what EricTRA posted, and did you read the previous replies?? That has already been posted/suggested to the OP, and restated (again) by divyashree.

Last edited by unSpawn; 06-05-2011 at 09:32 AM. Reason: //Removed web log advertising link
 
Old 05-30-2011, 11:15 AM   #10
Turbocapitalist
Member
 
Registered: Apr 2005
Distribution: Ubuntu, Debian, OS X (bsd)
Posts: 143

Rep: Reputation: 27
You can restrict the users by setting their shell to rbash, then make a directory with links to the programs they are allowed to run and put that in the users' $PATH variable.
 
  


Reply

Tags
sudo, sudoers


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] After modifying /etc/sudoers file, new users can not run specified commands mansour Linux - Newbie 15 04-13-2011 11:04 AM
Tail users commands ++nick++ Linux - Newbie 9 02-04-2010 06:04 PM
Using 'r' commands as root users lapthorn Linux - Networking 2 11-24-2003 08:03 AM
Allowing users to run commands davee Linux - Security 1 01-27-2003 05:54 AM
Allowing Users commands Atroxic Linux - Newbie 2 02-01-2002 11:06 PM


All times are GMT -5. The time now is 04:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration