LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-23-2007, 07:08 AM   #1
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Rep: Reputation: 17
user restrection launching such appz


Greetings to all

guys some one have any idea how to restrict a user launch a such gui or console based application using pam module or any way of doing that.just like we restrich a user for launching a such command on bash same like that but to prevent launching other application that he doesnt have the permission when its launch them it ask for the password or just denied the access.im looking forward for your kind response.

Regards
Net_Spy
 
Old 01-23-2007, 09:01 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
To use pam an application needs to be compiled with the libpam library. You can try checking if a program is with the ldd command.

For example:
Code:
ldd /bin/su
        libpam.so.0 => /lib64/libpam.so.0 (0x00002b6142189000)
        libpam_misc.so.0 => /lib64/libpam_misc.so.0 (0x00002b6142395000)
        libc.so.6 => /lib64/libc.so.6 (0x00002b6142599000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00002b61428dc000)
        libaudit.so.0 => /lib64/libaudit.so.0 (0x00002b6142ae0000)
        /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
Maybe you want to have the user run in a jail.

Last edited by jschiwal; 01-24-2007 at 08:50 PM. Reason: fixed typo
 
Old 01-23-2007, 11:47 PM   #3
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Thanks for the reply here is the out put of ldd cmd but i mean if there is only executable file i got so how to do the password authentication using pam.Because pam use the share lib and it must b in /etc/pam.d or either must have the source code is there any other way to do it without having the source code.yeah may be they deserv to be in jail .Now tell how would i acheive my goal to prevent my user launching such console based appzz which include mouse point enable aswell.when user launch it should ask for password from user and also limit my user for use the limited commands.Im sure you got my point .lookig forward for your kind
response.

Response
Net_Spy


Code:
ldd /bin/su
        libpam.so.0 => /lib/libpam.so.0 (0x4002b000)
        libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x40033000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40036000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
        libdl.so.2 => /lib/libdl.so.2 (0x40063000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Last edited by Net_Spy; 01-24-2007 at 01:49 AM.
 
Old 01-24-2007, 09:27 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Just a few questions if I may:
- what's the main reason for denying access?
- are we talking about one application or many?
- one or multiple users?
- users each having their own set of inaccessable applications?

And *please* clean up your replies. Without proper capitalisation and punctuation it's hard to read to the point where many here are not even willing to put in an effort so basically you'll only be hurting yourself, response-wise.
 
Old 01-24-2007, 03:43 PM   #5
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Ansers of your questions are list below

1)security reasons.
2)Application is single thread
3)users are more then one
4)all user will user the single centeralized appz.

im sure now ya dont have any problem to understand it.

Regards
Net_Spy
 
Old 01-24-2007, 08:59 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Quote:
Originally Posted by Net_Spy
2)Application is single thread
So it is a single application that you want to control? I'm reading between the lines because you used "Application" which is singular and not plural. Being single thread isn't what was asked, but this and answer #4 indicate that you want to control a network service. Is that correct. If so what is the application.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question about Link to Appz Deathspawner Linux - Software 1 04-03-2005 09:28 PM
Where I can find installed appz? Lead Expression Linux - Newbie 4 01-25-2005 12:14 PM
Launching apps under Root User Name MDBlueIce Linux - Software 2 08-20-2004 06:15 AM
Where should I be installing appz DraaX Linux - Newbie 4 08-15-2004 06:29 PM
I'm Bored! Linux Appz? aliencasino Linux - Newbie 16 05-24-2004 12:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration