Help - Search - Members - Calendar
Full Version: Disabling Commands
Linuxhelp > Support > Technical Support
Beethovan
I'm using a SSH server to authenticate users, and i've set the shell to rbash so that they cant browse around, but is there a way to disable commands such as Finger and ping and others so that when these limited users access the machine they cant use those commands? any info would be greatly appreciated.

Thomas
jetblackz
It can be easily accomplished with sudo.

man sudo

for details.
jetblackz
Then add aliases to all questionable commands in your /etc/profile, i.e.:

alias ftp='sudo ftp'

so that the commands must be run with sudo.
hughesjr
you could also change the group ownership of the files in question with chgrp (to a group that you can put trusted users in) ... (ie make a group called trusted and put all the trusted users in there) ...

then:

chgrp trusted filename

then

chmod 750 filename

HOWEVER, it looks to me like they can't change their PATH ... and they can't run commands with a / in it ...

so if you restrict their path to /usr/local/bin and only link in the executables you want there, you should be OK.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.