[CentOS] Restricting User Rights massively

William L. Maltby CentOS4Bill at triad.rr.com
Tue Jul 29 13:40:31 UTC 2008

On Tue, 2008-07-29 at 13:05 +0200, Dirk H. Schulz wrote:
> Hi folks,
> is it possible to restrict the rights of a user to only do few, defined 
> actions, e.g. only look up cpu and memory usage, but not walk around in the 
> file system, not see any other hardware details, run any binaries/scripts? 
> I know several different techniques to achieve parts of this (like 
> chrooting him), but is there one technique to get it all?

"Man bash". /-r and /RESTRICTED SHELL

It'll take a little setup to custom taylor it. Permissions, PATH and a
user or group specific bin directory (new one, not one of the standards)
in their PATH. Some copy/symlink (careful with that) of existing
executables may be useful.

Be careful with scripts made available. There is a caveat that
restrictions are removed when a script is being processed.

Carefully constructed .bashrc, bash_profile.

IMO, this is easier to setup than selinux, *may* meet all your needs and
will not be affected by upgrades.

> Dirk
> <snip sig stuff>


More information about the CentOS mailing list