Thanks to all who helped - rbash seems to be a good starting point since selinux is quite complex and takes some time to get into.

Dirk

--On 29 July 2008 09:40:31 -0400 "William L. Maltby" <CentOS4Bill at triad.rr.com> wrote:

>
> On Tue, 2008-07-29 at 13:05 +0200, Dirk H. Schulz wrote:
>> Hi folks,
>>
>> is it possible to restrict the rights of a user to only do a few defined
>> actions, e.g. only look up cpu and memory usage, but not walk around in
>> the file system, not see any other hardware details, run any
>> binaries/scripts? I know several different techniques to achieve parts
>> of this (like chrooting him), but is there one technique to get it all?
>
> "Man bash". /-r and /RESTRICTED SHELL
>
> It'll take a little setup to custom tailor it. Permissions, PATH and a
> user or group specific bin directory (new one, not one of the standards)
> in their PATH. Some copy/symlink (careful with that) of existing
> executables may be useful.
>
> Be careful with scripts made available. There is a caveat that
> restrictions are removed when a script is being processed.
>
> Carefully constructed .bashrc, bash_profile.
>
> IMO, this is easier to set up than selinux, *may* meet all your needs and
> will not be affected by upgrades.
>
>>
>> Dirk
>> <snip sig stuff>
>
> HTH
> --
> BILL
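The setup Bill outlines (a private bin directory, a PATH pinned to it, locked startup files, care with scripts), written out as an added example that is not part of the original thread. The function names, the directory layout and the choice to refuse scripts outright are assumptions made for illustration.

```bash
#!/bin/bash
# Added example; function names and layout are assumptions, not from the thread.
# build_rbash_home HOME_DIR CMD... : create HOME_DIR/bin with symlinks to the
# listed commands, plus startup files that pin PATH to that directory.
# On a real system run it as root so the files are root-owned, then give the
# account rbash (bash invoked under the name rbash) as its login shell.
build_rbash_home() {
    local home=$1 cmd target
    shift
    mkdir -p "$home/bin" || return 1
    for cmd in "$@"; do
        case $cmd in */*) echo "plain command names only: $cmd" >&2; return 1 ;; esac
        target=$(command -v "$cmd") || target=
        case $target in
            /*) ;;   # resolved to a file on the admin's PATH
            *) echo "no executable file for: $cmd" >&2; return 1 ;;
        esac
        # Scripts run without the restrictions (the caveat in the thread): refuse them.
        if [ "$(head -c 2 "$target" 2>/dev/null)" = '#!' ]; then
            echo "refusing script: $target" >&2; return 1
        fi
        ln -sf "$target" "$home/bin/$cmd" || return 1
    done
    # Startup files are read before the restrictions apply, so PATH is set here.
    printf 'PATH="$HOME/bin"\nexport PATH\n' > "$home/.bash_profile" || return 1
    : > "$home/.bashrc" || return 1
    chmod 444 "$home/.bash_profile" "$home/.bashrc"
    chmod 555 "$home/bin" "$home"
}

# check_rbash_home HOME_DIR OK_CMD : return 0 only if a restricted bash using
# that home runs OK_CMD and refuses what the RESTRICTED SHELL section of
# "man bash" says it blocks: cd, "/" in command names, changing PATH,
# output redirection.
check_rbash_home() {
    local home=$1 ok_cmd=$2 bash_bin attempt
    bash_bin=$(command -v bash) || return 1
    env -i HOME="$home" PATH="$home/bin" "$bash_bin" -r -c "$ok_cmd" \
        >/dev/null 2>&1 || return 1
    for attempt in 'cd /' '/bin/sh -c :' 'PATH=/bin:/usr/bin' 'echo x > /dev/null'; do
        if env -i HOME="$home" PATH="$home/bin" "$bash_bin" -r -c "$attempt" \
            >/dev/null 2>&1; then
            echo "not restricted: $attempt" >&2; return 1
        fi
    done
}
```

For Dirk's case the command list would be whatever reports CPU and memory usage on the system, for example `build_rbash_home /home/monitor uptime free` followed by `check_rbash_home /home/monitor uptime` (the home path here is hypothetical).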