?
Solved

How to disable linux UNZIP function ?

Posted on 2009-02-13
5
Medium Priority
?
327 Views
Last Modified: 2013-12-26
Hi,

May i know how to disable "unzip" from running my my shared hosting user ?

I would like to disable the zipfile from being extracted using the server unzip function.

My server are using Centos 5.2 Enterprise.

Appreciates if anybody can help me on this .

Thank you.
0
Comment
Question by:smksa
5 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 1000 total points
ID: 23633843
Hi,
locate your zip/unzip binaries and remove their 'execute' flag for 'others'
chmod o-x [/path/to/zip] [/path/to/unzip]
and see if this helps.
wmp
 
0
 
LVL 8

Assisted Solution

by:mostart
mostart earned 1000 total points
ID: 23633844
If you don't want to completely uninstall the unzip command you might think of a symbolic link like this:

(I consider unzip to live under /usr/bin)

ln -s /bin/true /usr/local/bin/unzip  (you might need to adapt the path to your needs just make sure the link file is in a path that appears first in the users $PATH environment)

Of course this way th users could still call /usr/bin/unzip explicitly. But if they just type "unzip" it will just return "true"

Otherwise you could change the mode of /usr/bin/unzip like this "chmod go-x /usr/bin/unzip" this way only the owner (probably root) can run it. The drawback is, this might be overwritten on update.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 23633988
HI,
are you saying you dont want user to excute "tar  " such tar -xvzf command  ??

in that case i dont think its possible

you an woolmilkporc and mostart to chage file permisison ..

but if you could of explain little bit more it would be good understand
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 23634123
Or if you want just after unzip command

which is : http://linux.about.com/od/commands/l/blcmdl1_unzip.htm

then you can do

rpm -e unzip

it sould delete unzip command from your system
0
 
LVL 5

Expert Comment

by:dcesari
ID: 23648206
Anyway, a malicious user who has write access to any directory in your system, even just /tmp, could still install an unzip executable and run it; a workaround could be to mount all the user writable filsystems with the noexec option (see man mount) so that users cannot run executables installed there, but this may break some applications.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Still having to process all these year-end "csv" files received from all these sources (including Government entities), sometimes we have the need to examine the contents due to data error, etc... As a "Unix" shop, our only readily …
Recently, an awarded photographer, Selina De Maeyer (http://www.selinademaeyer.com/), completed a photo shoot of a beautiful event (http://www.sintjacobantwerpen.be/verslag-en-fotoreportage-van-de-sacramentsprocessie-door-antwerpen#thumbnails) in An…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month17 days, left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question