[TriLUG] Limited Access User Account
Dhruv Gami
gami at d10systems.com
Wed Sep 14 01:42:52 EDT 2005
Hello Everyone,
I am trying to setup an account for a user, who is to be given limited
access. For example, this user should be able to run things like reboot,
useradd, ifconfig, tail, emacs (or vi) ... essentially a list of
programs that I specify, and only those programs.
Googling around for this got me to some posts on other mailing lists
that mentioned something to the effect of using bash with the -r
directive to get restricted shell which can execute only the programs in
its bin directory. With this approach, I was unable to figure out how to
set bash -r as the default shell for the user, and was confused whether
or not i can set superuser programs like ifconfig to run from this
user's account.
Is there any other way to do this ? I know theoretically i could define
a group and set it up in some way to get this done, but i dont know how
to get that done. Google didn't reveal much practical information, only
theoretical capabilities.
Any pointers ?
regards,
Gami
More information about the TriLUG
mailing list