Skip to main content

How to disable a specific command(s) for a certain user.

By Anonymous
Please follow the below steps to disable a specific command(s) for a certain user.

# su - hari
$ which rm (Here rm command as an example)
$ mkdir ~/bin
$ ln -s /bin/* ~/bin/ (/bin is the PATH for rm)
$ rm -rf ~/bin/rm

Take the output of $PATH for this user

$ echo $PATH > MyPATH.txt
Edit this file and replace /bin with ~/bin

Login as root

$ su -
# cat /home/hari/MyPATH.txt >> /home/hari/.bashrc

Change the permission of /home/hari/.bashrc
# chmod 444 /home/hari/.bashrc
# chattr +i /home/hari/.bashrc


That's all.
But the user can reset the PATH variable anytime to overcome this.
Please comment with alternatives for this.

Comments

Anonymous said…
We can disable SET and ENV for this user in a same way as above.
October 20, 2008 at 10:37 PM
Post a Comment

Popular posts from this blog

Check remote UDP connectivity from Linux

By Anonymous
Hi there, You all know how to check TCP port connectivity from a Linux or UNIX machine to a remote machine using telnet as per th example below $ telnet 127.0.0.1 25 but we can't adopt TELNET to check UDP connectivity. Linux and most of the UNIXes come with a network layer utility called nc (abbreviation for netcat) which is very useful to check UDP connectivity and to explore a lot with both TCP and UDP. An example is shown below # nc -v -u -z -w 3 172.24.16.131 123 Connection to 172.24.16.131 123 port [udp/ntp] succeeded!
4 comments
Read more

The best putty package available

By Anonymous
Bored of Black screened Task bar filling putty? Issues with porting Saved sessions from machine to machine? Do you like tabbed SSH sessions? Start using portaputty instead of normal putty and link it with puttycm . Puttycm supports sessions to be saved in its own Database files. You can use the Putty sessions you have saved already right inside putty. You can have any number of databases which allow you to arrange Remote servers in folders and convenient namings. I personally recommend creating Database with puttycm rather than using the sessions saved in putty which doesn't offer any option to create folders and saving sessions under that directory tree. You can even save username/password to get it logged automatically and there is an option to pass commands to be run soon after login. I can't recommend this since some bug was found with these options. Portaputty is a variant of putty which stores all the Configuration data in text files instead of MS Window
2 comments
Read more

PING.sh

By Anonymous
#!/usr/bin/env bash ## Ping all machines in a Network PING="$(which ping) -c 1 -W 1" echo "Enter Subnet(eg:192.168.0)" read Subnet echo "Do you want to PING the entire network or a RANGE of IPs ? Enter your choice" echo 1. Ping Entire Network echo 2. Ping a RANGE read choice if [ $choice = 1 ]; then { echo Pinging..... for((i=1;i<255;i++)); do ${PING} ${Subnet}.${i} > /dev/null 2> /dev/null if [ $? -eq 0 ]; then echo -e "${Subnet}.${i} is up" fi done } fi if [ $choice = 2 ]; then { echo Enter the Starting IP of Range read a echo Enter the Last IP of Range read b echo Pinging..... for((i=$a;i<$b;i++)); do ${PING} ${Subnet}.${i} > /dev/null 2> /dev/null if [ $? -eq 0 ]; then echo -e "${Subnet}.${i} is up" fi done } fi exit 0
2 comments
Read more