On Wednesday 30 June 2004 14:20, Ingo Boernig wrote:
Carlos,
Carlos E. R. wrote:
The Thursday 2004-06-24 at 17:33 +0200, Ingo Börnig wrote:
How do take care that the command cannot be executed by another user?
By chowning it to that user, for example, and giving it exec permission to owner only (u,x,g-x,o-x). Of course, root would still be able to run it.
That will not be sufficient, you have also to remove read permission for all other users from that file, too:
iboernig@sauron:~/bin> ls -l ./pwd
-rw-r--r-- 1 iboernig users 12436 2004-06-30 14:10 ./pwd
iboernig@sauron:~/bin> ./pwd
bash: ./pwd: Permission denied
iboernig@sauron:~/bin> /lib/ld-linux.so.2 ./pwd
/home/iboernig/bin
Better use a chroot environment for this!
You could install it in /home/user/bin, for example, so that root would not accidentally run it. He could still run it intentionally, though.
Perhaps with acl - dunno about that.
POSIX ACLs only give additional permissions, root is still almighty! There will be no way to prevent root from executing any command.
There is. You might want to have a look at RSBAC (www.rsbac.org). With RSBAC, even root can be restricted in many ways.
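
Added example, not part of the original thread: a small audit for the situation shown in the terminal session above, where the execute bit is withheld from other users but the read bit is left in place, so the file can still be copied or handed to the loader or an interpreter. The function names are hypothetical, and the check is limited to files the owner may execute (an assumption made here to keep ordinary data files out of the report).

```sh
#!/bin/sh
# Added example: find and repair "execute removed, read left behind" modes.

# Print regular files under DIR that the owner may execute and that
# group or other may read but not execute (for example 0744 or 0740).
# Files without the owner execute bit are skipped (assumption: those are
# data files, which would otherwise flood the report).
find_readable_noexec() {
    find "$1" -type f -perm -0100 \
        \( \( -perm -0040 ! -perm -0010 \) -o \
           \( -perm -0004 ! -perm -0001 \) \) -print
}

# Remove the leftover read bit, but only from the class (group, other)
# that was already denied execute. A class that keeps execute on purpose,
# such as 0755, is left untouched.
fix_readable_noexec() {
    find "$1" -type f -perm -0100 -perm -0040 ! -perm -0010 \
        -exec chmod g-r {} +
    find "$1" -type f -perm -0100 -perm -0004 ! -perm -0001 \
        -exec chmod o-r {} +
}

# Stand-alone use: report only; run fix_readable_noexec separately
# once the report has been reviewed.
if [ "$#" -gt 0 ]; then
    find_readable_noexec "$1"
fi
```

As noted in the thread, none of this restricts root; it only closes the gap for other unprivileged users.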