Solved

Privileged Users

Posted on 2006-10-18
Last Modified: 2013-12-15

Hi Experts!!,

We are using RHEL AS 2.1 system.

1. We want to give certain privileged commands execution permission to valid Linux users.

E.g. a user called test should be able to execute privileged commands such as fdisk, setup etc. But he should not be able to execute any other privileged commands.

How do I give such authority to a particular user?

2. How do we restrict a particular user to his home directory? He should not be able to go anywhere else. He should not be even permitted to see (read) the files in any directory other than his home directory. He should not even go ("cd") to any other directory. How do we set up such a user? I know chroot is one way. But how to configure it?

Please help.
Question by:harmsingh
11 Comments
 
LVL 45

Expert Comment

by:sunnycoder
ID: 17763576
Hi harmsingh,

1. Use sudo utility ... "Allows administrator to give restricted root access."
man sudo
http://www.courtesan.com/sudo/
http://www.courtesan.com/sudo/man/sudo.html

2. Set directory permissions as 0700, i.e. only the owner would be able to read, write and browse the directories. Others can neither read nor write nor browse the directories.

man chmod

Cheers!
sunnycoder
0
 

Author Comment

by:harmsingh
ID: 17763748

Please go through the question again. Our requirement is somewhat different.

1. We don't want to give a particular user administrative sudo access. With this he would be able to execute all the administrative commands. We just want a user to be able to execute a few defined administrative commands and not all.

2. We expect the user to be restricted to his home directory such that this user is not allowed to go anywhere else other than his home dir. He should not be able to (ls/cd) to any of the directories.
Hope I'm clear now.
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 17763762
1. That is exactly what sudo does ... It does not delegate root access in totality .. You can configure which privileged commands can be executed by a user. Take some time to read the man page - First line from the description in man page "sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file."

2. If directories have permissions 0700, a user will be restricted to the home directory only, as that is all the user would own.
If this solution sounds too extreme, you can use a wrapper script to be used as cd/ls command, but that would not prevent the user from using some other commands or even custom code to access other directories.
0
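Added example, not part of the thread or of any poster's reply: a shell helper that prints the kind of restricted sudoers rule described above for the user test, plus a simplified check for rules that still grant every command. The paths /sbin/fdisk and /usr/sbin/setup and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. /sbin/fdisk and /usr/sbin/setup are
# assumed paths; confirm them on the host (e.g. with `which fdisk`).
#
# Unrestricted rule (what the asker wants to avoid):  test ALL = (ALL) ALL
# Restricted rule (what make_rule prints):            test ALL = (root) CMDS_TEST

# make_rule USER CMD...  prints a sudoers fragment limited to the listed binaries.
# Returns 1 for anything that would widen the rule beyond exact commands.
make_rule() {
    user=$1; shift
    [ "$#" -gt 0 ] || { echo "make_rule: no commands given" >&2; return 1; }
    list=
    for cmd in "$@"; do
        case $cmd in
            /*) ;;   # sudoers expects a fully qualified path
            *)  echo "make_rule: '$cmd' is not an absolute path" >&2; return 1 ;;
        esac
        case $cmd in
            *[[:space:]]*|*[*?,]*|*/)   # no arguments, wildcards, lists or whole directories
                echo "make_rule: '$cmd' is not a single exact command" >&2; return 1 ;;
        esac
        list=${list:+$list, }$cmd
    done
    name=CMDS_$(printf '%s' "$user" | tr 'a-z' 'A-Z' | tr -c 'A-Z0-9' '_')
    printf 'Cmnd_Alias %s = %s\n' "$name" "$list"
    printf '%s ALL = (root) %s\n' "$user" "$name"
}

# grants_all USER FILE  succeeds if a line for USER in FILE lists the bare
# command ALL. Simplified: no alias, group or line-continuation handling.
grants_all() {
    awk -v u="$1" '
        $1 == u && /=/ {
            sub(/^[^=]*=/, "")                          # drop "user host ="
            gsub(/\([^)]*\)|NOPASSWD:|PASSWD:/, "")     # drop runas list and tags
            n = split($0, c, ",")
            for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", c[i]); if (c[i] == "ALL") found = 1 }
        }
        END { exit !found }' "$2"
}

make_rule test /sbin/fdisk /usr/sbin/setup
```

Check the generated text with `visudo -c -f <file>` before merging it into the sudoers file. A listed binary that can start a shell or write arbitrary files gives the user more than the rule appears to allow.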

 

Author Comment

by:harmsingh
ID: 17763806

Please note that the 2 requirements are for different users.

1. Sounds good . Will try out and confirm.
2. Wrapper script ??
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 17763817
Wrapper script ... this would be installed in place of the command .. It would first verify if user has access permissions of the directory he/she is trying to access .. If yes it would call actual cd command else it would throw an error and exit.
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 17763824
0
 

Author Comment

by:harmsingh
ID: 17763850
How to write such script ?? Any reference please ??
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 17763863
Such script will affect all users.
0
 
LVL 45

Accepted Solution

by:
sunnycoder earned 375 total points
ID: 17763880
0
 

Author Comment

by:harmsingh
ID: 17763910
I really have to accept now . :-) ....Thanks.
0
 
LVL 45

Expert Comment

by:sunnycoder
ID: 17763921
0
