Date:      Wed, 31 Jul 2002 20:35:11 -0400 (EDT)
From:      rodsmith@rodsbooks.com (Rod Smith)
To:        pirat@access.inet.co.th
Cc:        freebsd-questions@freebsd.org
Subject:   Re: prevent user from running some program
Message-ID:  <20020801003511.C96DD2B80A@speaker.rodsbooks.com>
In-Reply-To: <20020729042915.GA35781@thai-aec.org>

---Reply to mail from pirat about prevent user from running some program
> Hi sirs,
> 
> Am using FreeBSD 4.6-stable.
> I have a simple question, that is: if I just want some users to be able to run
> only xfig, what should I do? And on the other hand, if I do not want them to run
> xfig, is there any command to accomplish this?

You can change permissions and group ownership on the binary to permit
only the owner (presumably root) and the program's group to run it. For
instance:

# chgrp xfiguser /usr/X11R6/bin/xfig
# chmod 0750 /usr/X11R6/bin/xfig

You'd then add any users who should be able to run xfig to the xfiguser
group (which must exist before you type the first command). (Note I'm
not sure where xfig actually exists, since my FreeBSD system is powered
down at the moment.)

This procedure comes with a **HUGE** caveat, though: For most programs,
users can easily overcome the limitation by installing "private" copies
of the program executable in their own home directories. This may not
be practical for some very big programs if you use account quotas, and
you may be able to restrict executable rights on a home directory
partition on some systems, but overall it's a big hole in this process.

-- 
Rod Smith
rodsmith@rodsbooks.com
http://www.rodsbooks.com
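
The following is an added example, not part of the original message: a POSIX sh script that checks the group/mode restriction described above and searches a home-directory root for the private-copy workaround the caveat warns about. The function names and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Audits the chgrp/chmod 0750
# restriction and looks for the "private copy" workaround under a home root.

# check_restricted BIN GROUP: succeed only if BIN is group-owned by GROUP
# and "other" has no permission bits, i.e. the state chmod 0750 leaves.
check_restricted() {
    bin=$1; group=$2
    [ -f "$bin" ] || { echo "missing: $bin" >&2; return 2; }
    # Field 4 of `ls -ld` is the group; characters 8-10 are the "other" bits.
    line=$(ls -ld "$bin")
    have=$(printf '%s\n' "$line" | awk '{print $4}')
    other=$(printf '%s\n' "$line" | cut -c8-10)
    [ "$have" = "$group" ] || { echo "$bin: group $have, want $group" >&2; return 1; }
    [ "$other" = "---" ] || { echo "$bin: other has '$other'" >&2; return 1; }
}

# find_private_copies BIN HOMEROOT: print executable regular files under
# HOMEROOT that share BIN's file name or are byte-identical to BIN.
# A copy that is both renamed and rebuilt matches neither test.
find_private_copies() {
    bin=$1; homeroot=$2
    find "$homeroot" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        \( -name "$(basename "$bin")" -o -exec cmp -s {} "$bin" \; \) -print
}

# Constructed demo tree (stand-in paths, not a real system layout).
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/bin" "$t/home/alice" "$t/home/bob" "$t/home/carol"
    printf 'stand-in for the xfig binary\n' > "$t/bin/xfig"
    chmod 0750 "$t/bin/xfig"
    cp "$t/bin/xfig" "$t/home/alice/draw"      # renamed identical copy
    chmod 0700 "$t/home/alice/draw"
    printf 'rebuilt\n' > "$t/home/bob/xfig"    # same name, different bytes
    chmod 0755 "$t/home/bob/xfig"
    cp "$t/bin/xfig" "$t/home/carol/notes"     # identical but not executable
    chmod 0600 "$t/home/carol/notes"
    grp=$(ls -ld "$t/bin/xfig" | awk '{print $4}')
    check_restricted "$t/bin/xfig" "$grp" && echo "restriction in place"
    find_private_copies "$t/bin/xfig" "$t/home"
    rm -rf "$t"
}
demo
```

On a real system the calls would be check_restricted /usr/X11R6/bin/xfig xfiguser and find_private_copies /usr/X11R6/bin/xfig /home, where /home is an assumed home root.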


