Link to home
Create AccountLog in
Avatar of F_A_H_D

asked on

how to fix alias command to user

assume i made alias for the ls command
ls='ls -al' it works fine till i logg off
how i make it fix to the user ?
Avatar of F_A_H_D


and there is any way to make the user permission to run one or two commands only ?
Put the alias in the file $HOME/.profile or, if the alias is specific to the shell that the user is running, put the alias in a startup script for that particular shell: $HOME/.kshrc for Korn shell. Remember that using .kshrc requires "ENV=~/.kshrc" or some such in "$HOME/.profile".
Avatar of woolmilkporc

make the alias permanent by adding the alias command to the $HOME/.profile initialization file of the user.

As for the command restriction - that's not quite straightforward.

You will have to give the user a restricted shell in /etc/passwd, like /bin/rbash or /bin/rksh.
Next, you'll have to take away "user/group write" permission from the $HOME/.profile file of the user, change ownership to "root" so that it's only writeable by "root", set a PATH variable in this .profile to a directory where you must copy only the allowed binaries to, and finally make this PATH variable "readonly".


Avatar of F_A_H_D


ok and for multi alias it should be like this
alias 506='piomisc_base get_job_status -P 'SHSPPI02''
alias 505='piomisc_base get_job_status -P 'SHSPPI01''
alias ls'ls -al'


and please can u make it more clear how to prevent the user to do any other thing .. except the alias commands
Avatar of F_A_H_D


i noticed it doesnt take the second alias it give me error
$ 506
.status: (WARNING): 0781-102 Invalid printer name: SHSPPI02

but im sure the printer is there

and once i login it give error
.profile[10]: ^M:  not found.
Avatar of woolmilkporc
Flag of Germany image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
As I wrote, such a kind of restriction is a bit complicated.

Let's call your user myuser. Do the following as "root".

usermod -s /bin/rksh myuser
-- I use rksh since I assume it's AIX, where ksh is the default shell!

mkdir -p /usr/local/myuser/bin
-- The above directory name is just a suggestion. Use whatever directory location you like.

ln -s /usr/sbin/piomisc_base /usr/local/myuser/bin
ln -s /usr/bin/ls /usr/local/myuser/bin

chmod 755 ~myuser/.profile
chown root ~myuser/.profile

5) In ~myuser/.profile change/add:

-- remove a possibly present PATH definition
-- add:
-- add:
readonly PATH
-- add your alias definitions. Attention: Each binary you use in such a definition must be linked to /usr/local/myuser/bin
alias 506='piomisc_base get_job_status -P SHSPPI02'
alias 505='piomisc_base get_job_status -P SHSPPI01'
alias ls='ls -al'

Save ~myuser/.profile , login as ~myuser and try it out.

I just realized that for piomisc_base to work in a restricted shell you need to have three more binaries in the user's executables directory:

ln -s /usr/bin/tr /usr/local/myuser/bin
ln -s /usr/bin/awk /usr/local/myuser/bin
ln -s /usr/bin/dspmsg /usr/local/myuser/bin
Avatar of F_A_H_D


Regarding the alias what u said is correct ... it works fine ater editing the file using vi

i will be back after trying the other proplem
Avatar of F_A_H_D


thanks man