LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-23-2007, 03:43 AM   #1
Tux-Slack
Member
 
Registered: Nov 2006
Location: Slovenia
Distribution: Slackware 13.37
Posts: 511

Rep: Reputation: 37
limit specific proces to a specific user


what i wan't to do is to limit some of my users
from runing a specific proces, not all of them but just some of them
and i also want that some of my users may run theese proceses
so noexec doesn't come in handy here

the kernel version is 2.4.33.3
distro is Slack 11
 
Old 02-23-2007, 06:12 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
If you mean you wish to restrict who runs certain binaries, you can accomplish that by only allowing the owner (which I am guessing will be root) and a particular group to execute that binary -- i.e. turn off execution, and maybe read, for other. Create a special group for this and add the users you wish to allow to run it to that group.

Depending on what you are doing, you may need to make sure that users can't do an end run around this by copying a version (perhaps from an external source) to a directorory they can write to and execute from, and running that. On most systems, you can guard against that by making /tmp and /home noexec. You also would need to make sure they can't execute from removable media (I don't know how to advise you on this last detail).
 
Old 02-23-2007, 03:43 PM   #3
Tux-Slack
Member
 
Registered: Nov 2006
Location: Slovenia
Distribution: Slackware 13.37
Posts: 511

Original Poster
Rep: Reputation: 37
i've been thinking about this noexec stuff
but im leaving this for my last resort

well the owner is not root
the owner can be the user himself

let's take for example the Shoutcast server
every non-root user can install and run it on my server
but i want to limit some of my users from runing this binary
but i still want to allow some of my users to run this binary

and i'm getting pretty tired of killing all of those not wanted process
 
Old 02-23-2007, 11:38 PM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I won't say it is impossible, but if everybody has shell access (or some other way to launch a program), I would think it would be incredibly difficult to do what you want. Even if you find some way to keep people from launching something that identifies itself as Shoutcast, somebody could get around it by calling the program something else. It would seem you would require whitelisting using digital signatures or something.

W/o using noexec (and maybe even using it), it sounds like a very difficult problem to me. All I can do is wish you good luck. Maybe somebody else has a really clever idea.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Limit Browser to specific domains whayford Linux - General 5 05-31-2006 07:49 AM
User proces limit webserve Linux - Security 7 08-12-2005 07:52 PM
Upload limit on specific port with Trickle Ducks Linux - Networking 0 06-02-2005 04:51 PM
Want to limit Memory to a specific Process tstaples Linux - General 3 01-26-2005 01:59 PM
How to limit the size of a specific file ericthyred Linux - Software 1 04-15-2004 11:13 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 03:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration