limit the sudo to a directory or a file system

Posted on 2006-04-20
Last Modified: 2013-12-06

    Is there any way that I can restrict users to a particular directory or filesystem? Can you please let me know if this can be done, and how, on AIX, HP-UX, Solaris, Linux (Red Hat, SUSE)... Thanks
Question by:kaka123
    LVL 7

    Expert Comment

    Something like that is not possible. Dot.

    LVL 43

    Expert Comment

    You could force calling chroot (man chroot), but then, if the user is about to use any application (including a shell), it has to be copied/linked (but not symlinked) into the chroot environment...
    LVL 51

    Expert Comment

    chroot or ACLs, both require proper configuration which is most likely different on each platform
    LVL 7

    Expert Comment

    I think chroot isn't a pretty good idea - at least when assuming, that some users should be able to run the application in question in a "normal" (non-chrooted) environment. This would imply, that all parts of the application (config data, libs, ...) have to be kept twice (once in the original place, once in the jail) - pretty hard to administer.

    LVL 14

    Expert Comment

    You can use sudo to limit the commands used.

    If you have a limited set of commands that your users run, then you could create scripts using those commands, and use sudo to limit the users to those scripts.

    Your scripts could use error checking to be sure that the commands are only operating in the directories that you want...
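
The wrapper-script approach suggested in the comment above, as an added example that is not part of the original thread: a `cp` wrapper that refuses any path resolving outside one directory. The name `safe-cp`, its install path, the `developers` group and `ALLOWED_ROOT=/srv/app` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (constructed): wrapper to grant via sudo instead of cp itself.
# ALLOWED_ROOT and the install path /usr/local/sbin/safe-cp are assumptions.
# Hypothetical sudoers line:  %developers ALL = (root) /usr/local/sbin/safe-cp
ALLOWED_ROOT=/srv/app

# Print the physical (symlink-free) absolute path of a directory.
# Uses cd -P / pwd -P rather than assuming a realpath utility exists.
resolve_dir() {
    ( CDPATH= cd -P -- "$1" 2>/dev/null && pwd -P )
}

# Succeed only if path $1 resolves to a location inside ALLOWED_ROOT.
inside_allowed() {
    root=$(resolve_dir "$ALLOWED_ROOT") || return 1
    if [ -d "$1" ]; then
        target=$(resolve_dir "$1") || return 1
    else
        # A symlink as the final component could point anywhere: refuse it.
        if [ -L "$1" ]; then return 1; fi
        # The file may not exist yet, so resolve its parent directory.
        parent=$(resolve_dir "$(dirname -- "$1")") || return 1
        target="$parent/$(basename -- "$1")"
    fi
    # Trailing slash stops /srv/app2 from matching a root of /srv/app.
    case "$target/" in
        "$root"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Copy one regular file; both ends must stay inside ALLOWED_ROOT, otherwise
# root-owned files elsewhere could be read out or overwritten.
safe_cp() {
    if [ "$#" -ne 2 ]; then echo "usage: safe-cp SRC DEST" >&2; return 2; fi
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "refused: source must be a regular file" >&2; return 1
    fi
    for p in "$1" "$2"; do
        if ! inside_allowed "$p"; then
            echo "refused: $p is outside $ALLOWED_ROOT" >&2; return 1
        fi
    done
    cp -- "$1" "$2"
}

if [ "$#" -gt 0 ]; then safe_cp "$@"; fi
```

The check and the copy are separate steps, so users who can write inside `ALLOWED_ROOT` themselves can plant or swap a symlink in between; the wrapper only holds for trees they cannot modify directly.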

    Author Comment

    Thank you all for your replies. Is there anyone using sudo who has a list of the commands that you have your developers use? For example, you can limit the commands a user can use with sudo, such as cp. On all the different platforms the command has a different path, so the file has to have all the paths listed for cp, e.g. CP=/usr/bin,usr/local/bin and so on and so forth. If someone has the file created with the paths it would be very helpful....

    LVL 38

    Accepted Solution

    Agreed with some of the previous comments. sudo is not the tool for what you want to do ".".

    >restrict users to a particular directory or filesystem :

       It can be done by setting up a chroot "jail" ENV for the users; you might have trouble with some of the platforms, see:
       Have a look at the following doc to get some idea about how to set it up:

    Also have a look at:

    Here's an example of chroot login setup:

    Also please have a look at the following page:


     You might want to use ACLs as ahoffmann already suggested; not sure you can do it for all platforms (I know it can be done for Solaris and HP-UX). Have a look at:
      Here are ACL tutorials (easier to understand):

    Or try the Jfacl (GUI) tool:

