Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to fix alias command to user

Posted on 2011-02-14
10
Medium Priority
?
799 Views
Last Modified: 2012-05-11
assume i made alias for the ls command
ls='ls -al' it works fine till i logg off
how i make it fix to the user ?
0
Comment
Question by:F_A_H_D
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34886146
and there is any way to make the user permission to run one or two commands only ?
0
 
LVL 14

Expert Comment

by:sjm_ee
ID: 34886206
Put the alias in the file $HOME/.profile or, if the alias is specific to the shell that the user is running, put the alias in a startup script for that particular shell: $HOME/.kshrc for Korn shell. Remember that using .kshrc requires "ENV=~/.kshrc" or some such in "$HOME/.profile".
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34886207
Hi,

make the alias permanent by adding the alias command to the $HOME/.profile initialization file of the user.

As for the command restriction - that's not quite straightforward.

You will have to give the user a restricted shell in /etc/passwd, like /bin/rbash or /bin/rksh.
Next, you'll have to take away "user/group write" permission from the $HOME/.profile file of the user, change ownership to "root" so that it's only writeable by "root", set a PATH variable in this .profile to a directory where you must copy only the allowed binaries to, and finally make this PATH variable "readonly".

wmp

 
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 3

Author Comment

by:F_A_H_D
ID: 34886627
ok and for multi alias it should be like this
alias 506='piomisc_base get_job_status -P 'SHSPPI02''
alias 505='piomisc_base get_job_status -P 'SHSPPI01''
alias ls'ls -al'

?

and please can u make it more clear how to prevent the user to do any other thing .. except the alias commands
0
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34886648
i noticed it doesnt take the second alias it give me error
$ 506
.status: (WARNING): 0781-102 Invalid printer name: SHSPPI02

but im sure the printer is there

and once i login it give error
.profile[10]: ^M:  not found.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 34886669
Seems that you edited the .profile under Windows and transferred it via FTP to Unix.
In this case take care to use "binary" transfer mode, else FTP will add a carriage return (^M) at the end of every line.

No need to have single quotes around the printer name.

alias 506='piomisc_base get_job_status -P SHSPPI02'
alias 505='piomisc_base get_job_status -P SHSPPI01'
alias ls='ls -al'

I'll come back to explain the command restriction!
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34886887
As I wrote, such a kind of restriction is a bit complicated.

Let's call your user myuser. Do the following as "root".

1)
usermod -s /bin/rksh myuser
-- I use rksh since I assume it's AIX, where ksh is the default shell!

2)
mkdir -p /usr/local/myuser/bin
-- The above directory name is just a suggestion. Use whatever directory location you like.

3)
ln -s /usr/sbin/piomisc_base /usr/local/myuser/bin
ln -s /usr/bin/ls /usr/local/myuser/bin

4)
chmod 755 ~myuser/.profile
chown root ~myuser/.profile

5) In ~myuser/.profile change/add:

-- remove a possibly present PATH definition
-- add:
PATH=/usr/local/myuser/bin
-- add:
readonly PATH
-- add your alias definitions. Attention: Each binary you use in such a definition must be linked to /usr/local/myuser/bin
alias 506='piomisc_base get_job_status -P SHSPPI02'
alias 505='piomisc_base get_job_status -P SHSPPI01'
alias ls='ls -al'

Save ~myuser/.profile , login as ~myuser and try it out.

wmp
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34886930
I just realized that for piomisc_base to work in a restricted shell you need to have three more binaries in the user's executables directory:

ln -s /usr/bin/tr /usr/local/myuser/bin
ln -s /usr/bin/awk /usr/local/myuser/bin
ln -s /usr/bin/dspmsg /usr/local/myuser/bin
0
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34887135
Regarding the alias what u said is correct ... it works fine ater editing the file using vi

i will be back after trying the other proplem
0
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34887153
thanks man
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question