kaka123
asked on
limit the sudo to a directory or a file system
hello,
Is there any way that i can restrict users to a particular disrectory or filesystem .Can you please let me know if this can be done and how ????????????????????/ON AIX,HP-UX,solaris,linux redhat,suse .....Thanks
Is there any way that i can restrict users to a particular disrectory or filesystem .Can you please let me know if this can be done and how ????????????????????/ON AIX,HP-UX,solaris,linux redhat,suse .....Thanks
You could force calling chroot (man chroot), but then, if user is about to use any application (including shell) it has to be copied/linked(but not symlinked) to the chroot envinronment...
chroot or ACLs, both require proper configuration which is most likely different on each platform
I think chroot isn't a pretty good idea - at least when assuming, that some users should be able to run the application in question in a "normal" (non-chrooted) environment. This would imply, that all parts of the application (config data, libs, ...) have to be kept twice (once in the original place, once in the jail) - pretty hard to administer.
-XoF-
-XoF-
You can use sudo to limit the commands used.
If you have a limited set of commands that your users run, then you could create scripts using those commands, and use sudo to limit the users to those scripts.
Your scripts could use error checking to be sure that the commands are only operating in the directories that you want...
If you have a limited set of commands that your users run, then you could create scripts using those commands, and use sudo to limit the users to those scripts.
Your scripts could use error checking to be sure that the commands are only operating in the directories that you want...
ASKER
Thank you all for your reply is there any one who is using sudo have a list of the command that you have your deleopers use for example you can limit the command a user can use as sudo shuch as cp on all diffrent platform the command has have all the command listed for cp has a different path to the command CP=/usr/bin,usr/local/bin so on and so forth if some one has the file created with the path it will be very help full....
Thank>>>>>>>>>>>>>HELP>>>> >>>>HELP>> >>>>HELP>> >>>>>HELP> >>>>>>>>HE LP>>>>>>>> HELP>>>>>> HELP>>>>>H ELP>>>>>>> >>>
Thank>>>>>>>>>>>>>HELP>>>>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
-XoF-