Carlos, Carlos E. R. wrote:
The Thursday 2004-06-24 at 17:33 +0200, Ingo Börnig wrote:
How do take care that the command cannot be executed by another user?
By chowning it to that user, for example, and giving it exec permision to owner only (u,x,g-x,o-x). Of course, root would still be able to run it.
That will not be sufficient, you have also to remove read permission for all other users from that file, too: iboernig@sauron:~/bin> ls -l ./pwd -rw-r--r-- 1 iboernig users 12436 2004-06-30 14:10 ./pwd iboernig@sauron:~/bin> ./pwd bash: ./pwd: Permission denied iboernig@sauron:~/bin> /lib/ld-linux.so.2 ./pwd /home/iboernig/bin Better use a chroot environment for this!
You could install it in /home/user/bin, for example, so that root would not accidentally run it. He could still run it intentionally, though.
Perhaps with acl - dunno about that.
Posix ACLs only give additional permissions, root is still allmighty! There will be no way to prevent root to execute ana command. Cheers, -- Ingo Börnig <ingo at boernig.de> /"\ \ / ASCII Ribbon Campaign ask for phone or snail mail X against HTML email / \ GPG-Fingerprint: 2F8B DDFB F2A8 155A 206D 2969 F8FB 3C63 2033 BF32