Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 804
  • Last Modified:

how to fix alias command to user

assume i made alias for the ls command
ls='ls -al' it works fine till i logg off
how i make it fix to the user ?
0
F_A_H_D
Asked:
F_A_H_D
  • 5
  • 4
1 Solution
 
F_A_H_DAuthor Commented:
and there is any way to make the user permission to run one or two commands only ?
0
 
sjm_eeCommented:
Put the alias in the file $HOME/.profile or, if the alias is specific to the shell that the user is running, put the alias in a startup script for that particular shell: $HOME/.kshrc for Korn shell. Remember that using .kshrc requires "ENV=~/.kshrc" or some such in "$HOME/.profile".
0
 
woolmilkporcCommented:
Hi,

make the alias permanent by adding the alias command to the $HOME/.profile initialization file of the user.

As for the command restriction - that's not quite straightforward.

You will have to give the user a restricted shell in /etc/passwd, like /bin/rbash or /bin/rksh.
Next, you'll have to take away "user/group write" permission from the $HOME/.profile file of the user, change ownership to "root" so that it's only writeable by "root", set a PATH variable in this .profile to a directory where you must copy only the allowed binaries to, and finally make this PATH variable "readonly".

wmp

 
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
F_A_H_DAuthor Commented:
ok and for multi alias it should be like this
alias 506='piomisc_base get_job_status -P 'SHSPPI02''
alias 505='piomisc_base get_job_status -P 'SHSPPI01''
alias ls'ls -al'

?

and please can u make it more clear how to prevent the user to do any other thing .. except the alias commands
0
 
F_A_H_DAuthor Commented:
i noticed it doesnt take the second alias it give me error
$ 506
.status: (WARNING): 0781-102 Invalid printer name: SHSPPI02

but im sure the printer is there

and once i login it give error
.profile[10]: ^M:  not found.
0
 
woolmilkporcCommented:
Seems that you edited the .profile under Windows and transferred it via FTP to Unix.
In this case take care to use "binary" transfer mode, else FTP will add a carriage return (^M) at the end of every line.

No need to have single quotes around the printer name.

alias 506='piomisc_base get_job_status -P SHSPPI02'
alias 505='piomisc_base get_job_status -P SHSPPI01'
alias ls='ls -al'

I'll come back to explain the command restriction!
0
 
woolmilkporcCommented:
As I wrote, such a kind of restriction is a bit complicated.

Let's call your user myuser. Do the following as "root".

1)
usermod -s /bin/rksh myuser
-- I use rksh since I assume it's AIX, where ksh is the default shell!

2)
mkdir -p /usr/local/myuser/bin
-- The above directory name is just a suggestion. Use whatever directory location you like.

3)
ln -s /usr/sbin/piomisc_base /usr/local/myuser/bin
ln -s /usr/bin/ls /usr/local/myuser/bin

4)
chmod 755 ~myuser/.profile
chown root ~myuser/.profile

5) In ~myuser/.profile change/add:

-- remove a possibly present PATH definition
-- add:
PATH=/usr/local/myuser/bin
-- add:
readonly PATH
-- add your alias definitions. Attention: Each binary you use in such a definition must be linked to /usr/local/myuser/bin
alias 506='piomisc_base get_job_status -P SHSPPI02'
alias 505='piomisc_base get_job_status -P SHSPPI01'
alias ls='ls -al'

Save ~myuser/.profile , login as ~myuser and try it out.

wmp
0
 
woolmilkporcCommented:
I just realized that for piomisc_base to work in a restricted shell you need to have three more binaries in the user's executables directory:

ln -s /usr/bin/tr /usr/local/myuser/bin
ln -s /usr/bin/awk /usr/local/myuser/bin
ln -s /usr/bin/dspmsg /usr/local/myuser/bin
0
 
F_A_H_DAuthor Commented:
Regarding the alias what u said is correct ... it works fine ater editing the file using vi

i will be back after trying the other proplem
0
 
F_A_H_DAuthor Commented:
thanks man
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now