restricting chmod usage 1

[riteshp]

Hi,

I am trying to take away CHMOD capability from certain users.I know I can use sudo to allow capabilites to certain commands but how can I take away capabilites such as CHMOD?


Thanks In Advance

 

[teddy74]

Hi ritesh !

How abt moving the chmod utility from /usr/bin to a directory which is accessible only to the root and other
syadmin users ..say /usr/sbin. Hope it helps
Rajesh rajeshrcmc@hotmail.com
"Better to ask a question once and be thought a fool once, than never to ask and remain a fool forever"

 

[mediatech]

You can rename chmod, then replace it with a script that checks that the user is authorised, then calls the real chmod. You need to set the real chmod and script to suid for this to work, so be careful.

 

[unixqueen]

Hi riteshp,

Users will only be able to chmod files for which either they are the owners.

You might be able to turn your problem around, for example, would it be work in your case to change the file owner/permissions so that the user cannot chmod the files, but can still read them.

If you did choose to use sudo, then you can set it up to allow whatever users you want, to use whichever root commands you allow. You are in complete control.

I personally wouldn't suggest renaming chmod, or moving it to another directory for fear of upsetting any scripts in place now or in the future, or possibly opening up security issues.

Queeie

 

[dcutinha]

Hi

How about using restricted Shell and only give
the commands really required to the users.

br,
s-)
DJC