Re: Sudo to restrict command execution (157 Views)
Regular Advisor
Ajin_1
Posts: 200
Registered: ‎06-09-2009
Message 1 of 3 (203 Views)

Sudo to restrict command execution

Hi Experts,

Thanks in advance.

My requirement is I want to restrict users to executing commands.

I have 25 users in this server, the requirement was that they will execute only the list of commands (50 commands), and restrict all the commands.

Is this achieved by sudo, or are there any other options at the OS level?

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 2 of 3 (169 Views)

Re: Sudo to restrict command execution

Sudo is a good tool for allowing the users to execute some sets of commands as some other user.

But if you want to restrict the commands available for the users with their normal user accounts, you will need a restricted shell.

See "man sh-posix" on HP-UX and read the paragraph titled "rsh Restrictions", or see "man ksh" and read the paragraph titled "rksh Only" for the restricted ksh shell.

Basically:

  1. make copies of all the allowed commands, and place them in some directory (e.g. /usr/rbin)
  2. configure the /etc/profile or the ~/.profile of the restricted users so that only that directory will be in their PATH
  3. change the shell of the restricted users to /usr/bin/rsh or /usr/bin/rksh.
MK
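
Steps 1 and 2 of the procedure above, staged as a script, with an audit of the resulting directory that goes beyond what the post describes. This is an added example, not part of the original post or of HP's documentation; the function names, the allowlist file format and the /etc/rbin.allow path are assumptions.

```sh
#!/bin/sh
# Added example: stage steps 1 and 2 of the procedure and audit the result.
# Function names, the allowlist format and /etc/rbin.allow are assumptions.

# build_rbin ALLOWLIST RBIN: copy each allowed command (one bare name per
# line, '#' starts a comment) into RBIN, read-only. Returns 1 if any was skipped.
build_rbin() {
    allowlist=$1 rbin=$2 rc=0
    mkdir -p "$rbin" && chmod 755 "$rbin" || return 1
    while IFS= read -r name; do
        case $name in
            ''|'#'*) continue ;;
            */*) echo "skipped, bare names only: $name" >&2; rc=1; continue ;;
        esac
        src=$(command -v "$name") || src=
        case $src in
            /*) cp -p "$src" "$rbin/$name" && chmod 555 "$rbin/$name" || rc=1 ;;
            *)  echo "skipped, not resolved to a file path: $name" >&2; rc=1 ;;
        esac
    done < "$allowlist"
    return $rc
}

# write_profile PROFILE RBIN: profile that leaves only RBIN in PATH.
write_profile() {
    printf 'PATH=%s\nexport PATH\n' "$2" > "$1" && chmod 444 "$1"
}

# audit_rbin RBIN: fail if RBIN contains an unrestricted shell or anything
# group/world-writable, since either lets a user get past the allowlist.
audit_rbin() {
    rbin=$1 bad=0
    for shell in sh ksh csh bash; do
        if [ -e "$rbin/$shell" ]; then
            echo "unrestricted shell in $rbin: $shell" >&2; bad=1
        fi
    done
    if [ -n "$(find "$rbin" ! -type l \( -perm -020 -o -perm -002 \))" ]; then
        echo "group/world-writable entry under $rbin" >&2; bad=1
    fi
    return $bad
}

# Usage (as root): build_rbin /etc/rbin.allow /usr/rbin && audit_rbin /usr/rbin
# Step 3, changing the login shell to /usr/bin/rsh or /usr/bin/rksh, is not scripted.
```

Re-run the audit whenever the allowlist changes, and keep the restricted users' profile owned by root and not writable by them.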
Regular Advisor
Ajin_1
Posts: 200
Registered: ‎06-09-2009
Message 3 of 3 (157 Views)

Re: Sudo to restrict command execution

 

Hi MK,

Thank you very much.

Really appreciate you.

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation