  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1143
  • Last Modified:

limit the sudo to a directory or a file system

Hello,

    Is there any way that I can restrict users to a particular directory or filesystem? Can you please let me know if this can be done, and how, on AIX, HP-UX, Solaris, Linux Red Hat, SUSE? Thanks
0
kaka123
1 Solution
 
XoF Commented:
Something like that is not possible. Dot.

-XoF-
0
 
ravenpl Commented:
You could force calling chroot (man chroot), but then, if the user is about to use any application (including a shell), it has to be copied/linked (but not symlinked) to the chroot environment...
0
 
ahoffmann Commented:
chroot or ACLs, both require proper configuration which is most likely different on each platform
0
 
XoF Commented:
I think chroot isn't a pretty good idea - at least when assuming that some users should be able to run the application in question in a "normal" (non-chrooted) environment. This would imply that all parts of the application (config data, libs, ...) have to be kept twice (once in the original place, once in the jail) - pretty hard to administer.

-XoF-
0
 
arthurjb Commented:
You can use sudo to limit the commands used.

If you have a limited set of commands that your users run, then you could create scripts using those commands, and use sudo to limit the users to those scripts.

Your scripts could use error checking to be sure that the commands are only operating in the directories that you want...
0
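One way to write the kind of wrapper script arthurjb describes, as an added example that is not part of the original thread: sudoers grants only the wrapper, and the wrapper refuses any path that resolves outside one directory. The directory `/srv/app`, the name `safe_cp`, its install path and the user `devuser` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical sudoers entry that grants
# only this wrapper, never cp itself:
#   devuser ALL=(root) /usr/local/sbin/safe_cp
ALLOWED_BASE=/srv/app   # assumed directory to confine to; hardcoded on purpose

# Print the symlink-resolved absolute path of $1, or fail.
canon() {
    if [ -d "$1" ]; then
        (cd -P "$1" 2>/dev/null && pwd -P)
    else
        [ -L "$1" ] && return 1   # a symlinked file may point outside the base
        parent=$(cd -P "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
        printf '%s/%s\n' "$parent" "$(basename "$1")"
    fi
}

# Succeed only if $1 resolves to ALLOWED_BASE or something beneath it.
within_base() {
    case "$1" in /*) ;; *) return 1 ;; esac   # absolute paths only
    real=$(canon "$1") || return 1
    base=$(canon "$ALLOWED_BASE") || return 1
    # "$base"/* (not "$base"*) so that /srv/app2 does not pass for /srv/app
    case "$real" in "$base"|"$base"/*) return 0 ;; esac
    return 1
}

# Copy SRC to DST only when both stay inside ALLOWED_BASE.
safe_cp() {
    [ "$#" -eq 2 ] || { echo "usage: safe_cp SRC DST" >&2; return 2; }
    for p in "$1" "$2"; do
        within_base "$p" || { echo "refused: $p" >&2; return 1; }
    done
    cp "$1" "$2"
}

if [ "$#" -gt 0 ]; then safe_cp "$@"; fi
```

The check and the `cp` are separate steps, so a user who can create symlinks inside the allowed directory can swap one in between them. The wrapper therefore only suits directories the user cannot modify except through it.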
 
kaka123 Author Commented:
Thank you all for your replies. Is there anyone using sudo who has a list of the commands that you have your developers use? For example, you can limit the commands a user can use with sudo, such as cp. On all the different platforms the command for cp has a different path to the command, CP=/usr/bin,usr/local/bin and so on and so forth. If someone has the file created with the paths it will be very helpful....

Thanks. HELP!
 
0
 
yuzh Commented:
Agreed with some of the previous comments. sudo is not the tool for what you want to do ".".

>restrict users to a particular directory or filesystem :

   It can be done by setting up a chroot "jail" ENV for the users; you might have trouble with some of the platforms.
   Have a look at the following doc to get some idea about how to set it up:

http://www.tjw.org/chroot-login-HOWTO/

also have a look at:

http://chrootssh.sourceforge.net/index.php

Here's an example of chroot login setup:

http://www.kegel.com/crosstool/current/doc/chroot-login-howto.html

Also please have a look at the following page:

      http:Q_21087823.html

   
 You might want to use ACL as ahoffmann already suggested; not sure you can do it for all platforms (I know it can be done for Solaris and HP-UX).
  Here are ACL tutorials (easier to understand):
    http://www.cs.indiana.edu/Facilities/software/ACL.html
    http://supportweb.cs.bham.ac.uk/howto/unix/acls.php

or try Jfacl (GUI) tool:
   http://www.cs.bham.ac.uk/~nrs/jfacl/

   http://nixdoc.net/man-pages/HP-UX/man5/acl.5.html

0
