how to restrict command to user - Aix

This is a discussion on how to restrict command to user - Aix ; Hi all, can any one tell me how to restrict some sommands to user.. example, crontab, at, batch, lsvg etc,. Regards ```````````` Kavin...

+ Reply to Thread
Results 1 to 5 of 5

Thread: how to restrict command to user

  1. how to restrict command to user

    Hi all,

    can any one tell me how to restrict some sommands to user..

    example,
    crontab, at, batch, lsvg etc,.

    Regards
    ````````````
    Kavin


  2. Re: how to restrict command to user

    kavin wrote:
    > Hi all,
    >
    > can any one tell me how to restrict some sommands to user..
    >
    > example,
    > crontab, at, batch, lsvg etc,.
    >
    > Regards
    > ````````````
    > Kavin
    >


    namely for crontab(1) and at(1) there are 2 config files
    /var/adm/cron/cron.allow and cron.deny and at.allow at.deny respectively
    which control their usage.

    More generally you can control execution permissions through the unix
    file system permissions (surely you know chmod). So your restricted
    users could be in the "staff" group and you could take away "others
    execute" permission from /bin/lsvg. BUT you need to be very careful that
    you understand which users (maybe not so obviously at first glance) use
    the commands and not to lock them out which could result in very subtle
    and hard to discover malfunctions.

    Better approach in my opinion would be to give your untrustworthy users
    a restricted shell (rksh e.g.), remove /bin, /usr/bin and so on from the
    PATH and set up ksh aliases for the commands they need to use.
    That's what IBM chose as a method for torturing, er... restricting HMC
    administration users.

    hth
    Joachim

  3. Re: how to restrict command to user

    On Aug 30, 2:45 am, kavin wrote:
    > Hi all,
    >
    > can any one tell me how to restrict some sommands to user..
    >
    > example,
    > crontab, at, batch, lsvg etc,.
    >
    > Regards
    > ````````````
    > Kavin


    Do you mean not allow a user to execute certain commands? If so, you
    can do this by turning off world execute permission and ensuring that
    the users isn't in a group that has group execute.

    HTH

    -Jim Lane


  4. Re: how to restrict command to user

    On Aug 30, 1:45 am, kavin wrote:
    > Hi all,
    >
    > can any one tell me how to restrict some sommands to user..
    >
    > example,
    > crontab, at, batch, lsvg etc,.
    >
    > Regards
    > ````````````
    > Kavin


    Investigate the use of sudo. It is a very useful tool.

    Miles


  5. Re: how to restrict command to user

    On Aug 31, 12:46 am, miles wrote:
    > On Aug 30, 1:45 am, kavin wrote:
    >
    > > Hi all,

    >
    > > can any one tell me how to restrict some sommands to user..

    >
    > > example,
    > > crontab, at, batch, lsvg etc,.

    >
    > > Regards
    > > ````````````
    > > Kavin

    >
    > Investigate the use of sudo. It is a very useful tool.
    >
    > Miles


    hear, here
    (or is that "hear, hear" ?)


+ Reply to Thread