limit the sudo to a directory or a file system

Hello,

Is there any way that I can restrict users to a particular directory or filesystem? Can you please let me know if this can be done and how, on AIX, HP-UX, Solaris, Linux (Red Hat, SUSE)? Thanks.
kaka123 Asked:

XoF Commented:
Something like that is not possible. Dot.

-XoF-
ravenpl Commented:
You could force calling chroot (man chroot), but then, if the user is about to use any application (including a shell), it has to be copied/linked (but not symlinked) to the chroot environment...
ahoffmann Commented:
chroot or ACLs, both require proper configuration which is most likely different on each platform
XoF Commented:
I think chroot isn't a pretty good idea - at least when assuming that some users should be able to run the application in question in a "normal" (non-chrooted) environment. This would imply that all parts of the application (config data, libs, ...) have to be kept twice (once in the original place, once in the jail) - pretty hard to administer.

-XoF-
arthurjb Commented:
You can use sudo to limit the commands used.

If you have a limited set of commands that your users run, then you could create scripts using those commands, and use sudo to limit the users to those scripts.

Your scripts could use error checking to be sure that the commands are only operating in the directories that you want...
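One way to write the kind of wrapper script described in the comment above, as an added example that is not part of the original thread. The script name `safe-cp`, the directory `/srv/app`, the sudoers line and the `/bin/cp` path are all assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical wrapper /usr/local/sbin/safe-cp; sudoers would allow only it, e.g.
#   %developers ALL = (root) /usr/local/sbin/safe-cp
ALLOWED_ROOT=/srv/app   # assumed directory users are confined to
CP=/bin/cp              # fixed absolute path; adjust per platform

# Print the physical (symlink-free) path of a directory, or fail.
resolve_dir() {
    ( cd -P "$1" 2>/dev/null && pwd -P )
}

# Succeed only if path $1 lies inside directory $2 after resolving
# ".." and symlinks in its parent directory.
is_within() {
    case $1 in /*) ;; *) return 1 ;; esac          # absolute paths only
    case ${1##*/} in ''|.|..) return 1 ;; esac     # reject "dir/", "." and ".."
    [ ! -L "$1" ] || return 1                      # last component must not be a symlink
    iw_root=$(resolve_dir "$2") || return 1
    iw_parent=$(resolve_dir "${1%/*}/") || return 1
    case "$iw_parent/" in
        "$iw_root"/*) return 0 ;;                  # trailing "/" stops /srv/app2 matching /srv/app
        *) return 1 ;;
    esac
}

# Copy SRC to DST only when both are inside ALLOWED_ROOT.
safe_cp() {
    [ "$#" -eq 2 ] || { echo "usage: safe-cp SRC DST" >&2; return 2; }
    for sc_path in "$1" "$2"; do
        if ! is_within "$sc_path" "$ALLOWED_ROOT"; then
            echo "refused: $sc_path is outside $ALLOWED_ROOT" >&2
            return 1
        fi
    done
    "$CP" "$1" "$2"
}

if [ "$#" -gt 0 ]; then safe_cp "$@"; fi
```

The check and the copy are separate steps, so the confinement only holds if users cannot create symlinks or rename directories under the allowed root by other means. The source is checked as well as the destination because a root-run `cp` would otherwise read any file on the system.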
kaka123 Author Commented:
Thank you all for your replies. Is there anyone using sudo who has a list of the commands that you have your developers use? For example, you can limit the commands a user can use with sudo, such as cp. On all the different platforms the command has a different path to it, e.g. CP=/usr/bin,usr/local/bin and so on and so forth. If someone has the file created with the paths, it would be very helpful....

Thanks. HELP!
yuzh Commented:
Agreed with some of the previous comments. sudo is not the tool for what you want to do ".".

>restrict users to a particular directory or filesystem:

   It can be done by setting up a chroot "jail" environment for the users; you might have trouble with some of the platforms.
   Have a look at the following doc to get some idea about how to set it up:

http://www.tjw.org/chroot-login-HOWTO/

also have a look at:

http://chrootssh.sourceforge.net/index.php

Here's an example of chroot login setup:

http://www.kegel.com/crosstool/current/doc/chroot-login-howto.html

Also please have a look at the following page:

      http:Q_21087823.html

   
 You might want to use ACLs, as ahoffmann already suggested; not sure you can do it for all platforms (I know it can be done for Solaris and HP-UX).
  Here are ACL tutorials (easier to understand):
    http://www.cs.indiana.edu/Facilities/software/ACL.html
    http://supportweb.cs.bham.ac.uk/howto/unix/acls.php

or try Jfacl (GUI) tool:
   http://www.cs.bham.ac.uk/~nrs/jfacl/

   http://nixdoc.net/man-pages/HP-UX/man5/acl.5.html
