LinuxQuestions.org - Restrict what commands users can use?

- *BSD (https://www.linuxquestions.org/questions/%2Absd-17/)

- - Restrict what commands users can use? (https://www.linuxquestions.org/questions/%2Absd-17/restrict-what-commands-users-can-use-506140/)

Restrict what commands users can use?

Hi!

Edit: I use FreeBSD 6.1 and OpenBSD 4.0 on my servers.

Is there a way to control what commands users can use? I would like some users to only have the ability to use cd, ls, nano or vi, mkdir, rm and cat (maybe some more). I want a trusted group to be able to use screen, irc, centericq, wget and links as well. Can I do this without a jail?

Thanks in advance!

Yes you can, but you'll be working on changing file permissions throughout the file system.

Code:

find / -type f -exec chmod o-x {} \; -print

This assumes you use tcsh, you need to use \{\} if you use bash. Then add a couple of groups, one for the class of user you want. And chgrp each program you want them to be able to use. You must make sure that the people in the higher access group are also in the lower access group.

This is the old-school way of doing it. And is not very complicated from a minimalist approach.

Keep in mind that when you upgrade the base system or reinstall a port, all these settings are going to get screwed up. So you may want to create a script to automatically fix the settings after upgrades.