Solved

how to fix alias command to user

Posted on 2011-02-14
10
754 Views
Last Modified: 2012-05-11
assume i made alias for the ls command
ls='ls -al' it works fine till i logg off
how i make it fix to the user ?
0
Comment
Question by:F_A_H_D
  • 5
  • 4
10 Comments
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34886146
and there is any way to make the user permission to run one or two commands only ?
0
 
LVL 14

Expert Comment

by:sjm_ee
ID: 34886206
Put the alias in the file $HOME/.profile or, if the alias is specific to the shell that the user is running, put the alias in a startup script for that particular shell: $HOME/.kshrc for Korn shell. Remember that using .kshrc requires "ENV=~/.kshrc" or some such in "$HOME/.profile".
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34886207
Hi,

make the alias permanent by adding the alias command to the $HOME/.profile initialization file of the user.

As for the command restriction - that's not quite straightforward.

You will have to give the user a restricted shell in /etc/passwd, like /bin/rbash or /bin/rksh.
Next, you'll have to take away "user/group write" permission from the $HOME/.profile file of the user, change ownership to "root" so that it's only writeable by "root", set a PATH variable in this .profile to a directory where you must copy only the allowed binaries to, and finally make this PATH variable "readonly".

wmp

 
0
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34886627
ok and for multi alias it should be like this
alias 506='piomisc_base get_job_status -P 'SHSPPI02''
alias 505='piomisc_base get_job_status -P 'SHSPPI01''
alias ls'ls -al'

?

and please can u make it more clear how to prevent the user to do any other thing .. except the alias commands
0
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34886648
i noticed it doesnt take the second alias it give me error
$ 506
.status: (WARNING): 0781-102 Invalid printer name: SHSPPI02

but im sure the printer is there

and once i login it give error
.profile[10]: ^M:  not found.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 34886669
Seems that you edited the .profile under Windows and transferred it via FTP to Unix.
In this case take care to use "binary" transfer mode, else FTP will add a carriage return (^M) at the end of every line.

No need to have single quotes around the printer name.

alias 506='piomisc_base get_job_status -P SHSPPI02'
alias 505='piomisc_base get_job_status -P SHSPPI01'
alias ls='ls -al'

I'll come back to explain the command restriction!
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34886887
As I wrote, such a kind of restriction is a bit complicated.

Let's call your user myuser. Do the following as "root".

1)
usermod -s /bin/rksh myuser
-- I use rksh since I assume it's AIX, where ksh is the default shell!

2)
mkdir -p /usr/local/myuser/bin
-- The above directory name is just a suggestion. Use whatever directory location you like.

3)
ln -s /usr/sbin/piomisc_base /usr/local/myuser/bin
ln -s /usr/bin/ls /usr/local/myuser/bin

4)
chmod 755 ~myuser/.profile
chown root ~myuser/.profile

5) In ~myuser/.profile change/add:

-- remove a possibly present PATH definition
-- add:
PATH=/usr/local/myuser/bin
-- add:
readonly PATH
-- add your alias definitions. Attention: Each binary you use in such a definition must be linked to /usr/local/myuser/bin
alias 506='piomisc_base get_job_status -P SHSPPI02'
alias 505='piomisc_base get_job_status -P SHSPPI01'
alias ls='ls -al'

Save ~myuser/.profile , login as ~myuser and try it out.

wmp
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34886930
I just realized that for piomisc_base to work in a restricted shell you need to have three more binaries in the user's executables directory:

ln -s /usr/bin/tr /usr/local/myuser/bin
ln -s /usr/bin/awk /usr/local/myuser/bin
ln -s /usr/bin/dspmsg /usr/local/myuser/bin
0
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34887135
Regarding the alias what u said is correct ... it works fine ater editing the file using vi

i will be back after trying the other proplem
0
 
LVL 3

Author Comment

by:F_A_H_D
ID: 34887153
thanks man
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now