I just want to disable rm command for an user..Root only need to use that.

Can anyone help me???

On my system it looks like

-rwxr-xr-x 1 root root 44008 Mar 1 08:33 /bin/rm

so, if you really want root and ONLY root to be able to use it, remove the perms for others ie

-rwxr-x--- 1 root root 44008 Mar 1 08:33 /bin/rm

I'd leave the group perms on because there are prob scripts that need it that may be run by services that are in root group but not owned by root.
You may still get probs, so keep a strict eye on your logs for a while.

0 members found this post helpful.

Try this:

0 members found this post helpful.

Hi hansemmanuel!

You can either remove the execute permission from the rm command but that will restrict other users also from executing the rm command.

So, you can make "bin" folder under user's home folder containing softlinks to executeables in /bin folder and just remove rm softlink from user's ~/bin folder and set user's default path under ~/.bashrc file to use ~/bin for search for executeables.

Details steps for the same are given on below link:
http://linuxbuddies.com/2008/12/22/h...-certain-user/

Note: As mentioned on link user can overcome this aproach by resetting $PATH variable.

Thanks,
Pkhera

0 members found this post helpful.

Suppose I want to disable rm for a particular user...Is there any option for that?

You can implement acl on /bin/rm for that particular user.

0 members found this post helpful.

This is very tough to do, because this looks like security by obscurity...

say you revoke the rights to execute 'rm' by the chmod commands given.. what prevents me from copying the rm binary to my homedir, giving it execute permissions and then just use that one...

You'll have to control where a (or 'any') user can write files and that places should not have 'noexec' in the mount option (don't put it on the / filesystem ).

In my opinion it is a regular use of any unix (linux) system to be able for a user to remove files.. the binary rm is just a way to achieve this.. a user could as well write a simple perlscript and use 'unlink' from there.. because the filesystem allows it ....

To prevent a user from deleting (certain) files is to make sure the files (and directories) are not owned by the specific user...

Is it possible to elaborate on your actual problem you want to solve rather than asking about this particular solution? Perhaps your problem is of some other order you can resolve differently... (my question would be: what is the harm in that a user can remove files it has the appropriate rights to?)

5 members found this post helpful.

If you do this, then users may not be able to delete their own files. Surely you want them to be able to manage their own home directories?!

By default, users can only use rm to delete files with permissions which allow them to - which is usually only their own. So what is the problem exactly? Do you have users who have managed to delete files you don't want them to? (Maybe you had a user who deleted all the hidden files in their home directory with a dos-style rm *.*?)

My actual problem is one webserver is hacked..A malicious script ran on that server.
It is the second time happening like this..
The script is deleting certain important files..as a result webserver is down without it's pages.
The script is using rm command...it is deleting that particular user's file..imagine his name is joe..
what can I do to prevent this??

As i said implement an acl for that user denying rwx permission.

One (silly, see post above by rhoekstra) way of doing it would be to
add that user to a specially created group, say norm, and modify
ownerships & permissions on the binary like this:

This will work because the pemissions are evaluated left to
right, and the user who's in norm will not get the "others"
permissions to read or execute (so he can't copy, either).

But it still seems like a weird request, considering that
the user can only a) delete their own files in the first
place and b) will always be able to vandalise them. What's
the point of having all his 0-length files preserved?



Cheers,
Tink

1 members found this post helpful.

Tighten up security on the server ... and with these
words I'm moving this thread over to our security forum.



Cheers,
Tink

rm isn't the only program malicious scripts can use to remove files. unlink can wreak havoc, too.

You're looking at the wrong problem. What you need to address is why your server gets cracked repeatedly. Until you start addressing that, everything else is likely useless. If you care to start posting details about the crack, we can help you. If you want a guide on how to start gathering facts, this is a good place to start.

4 members found this post helpful.

Indeed, it is a bit like saying you want to put a lock on your fridge because someone keeps breaking into your house and eating your cheese - i.e. they are still free to steal your fridge or murder you in your sleep.

First you need to find out how they are getting in. Secondly you primarily restrict the damage that people can do by setting appropriate permissions, not by removing access to certain commands.

Disabling rm will stop them using that one command, they could still use (say) a PHP script to delete the file or the could overwrite the file or move it - if you set appropriate file permissions then all those will be prevented. I think that them deleting the website is the least of your worries, for example what if they were to modified your website so that your visitor's computers were infected by a virus which in turn stole their identity and drained their bank accounts?

If you really have no idea how they are getting in, you need to do a clean install and lock down the box as best you know how. If you have have a server on the Internet and you don't learn about security, it will get cracked every day. Yes, Linux is a secure operating system and most distros are pretty secure as they shipped, but as soon as you start making services available to Internet you are opening it to potential attack.

2 members found this post helpful.