[Ilugc] Restricting Access

Binand Sethumadhavan binand at gmail.com
Wed Jun 21 10:18:06 IST 2006


On 21/06/06, Pranavam S <pranavam.s at gmail.com> wrote:
> 1. There are some applications which are common to all users like
> XMMS, Amarok, etc.  I have separate users for every persons who access
> my system, but i want to know how could i restrict those applications
> from selected users. say i have three users

The easiest (and reasonably secure) way to do this is to recompile
bash with the --enable-restricted configure option, and then set the
shell for these users as rbash. Once you have that, do:

a. Create a directory, say /usr/local/allowed-apps
b. Symlink all the programs you want to allow your users to access,
from this directory: ln -s /usr/bin/xmms /usr/local/allowed-apps
c. Add all the users you want to have restricted access to say, a new
group: groupadd restricted; usermod -G restricted username. Change
their shell to rbash (usermod -s /bin/rbash username)
d. Add a small script in /etc/profile.d which will check if a user is
in your restricted group, and if yes, does something like:
PATH=/usr/local/allowed-apps; export PATH

> 2.  I have a desktop pc with P1 processor and 64 mb ram, i need to
> connect that system to my SUSE along with remote access to XServer.

How about a liveCD?

Binand


More information about the ilugc mailing list