I want to constrain the user to only have permissions for specific commands in CentOS, but he needs to access the root directory.

I want to prevent the user from removing, restarting, shutting down.

But he should be able to read, kill processes, run processes, show running processes, create files and directories, view them...

I tried to use restricted users with rbash, but he is unable to use the cd command and he has access to /home/username only!

$ cd
-rbash: cd: restricted

Is there any solution?

  • 2
    I'm not sure that a robust generic solution to this is possible - As soon as the user can kill PID 1 they can shut down the system for a start. If someone can create files and run processes they can also make their own version of a shutdown/reboot/rm command. Instead of an "Allow all except" mentality, can you use a mechanism to change this to a "Deny all except" solution - possibly something you can implement via a tight script?
    – davidgo
    Commented Oct 20, 2021 at 8:54
  • 1
    Also, come to think of it - for a robust partial solution (i.e. won't stop a hacker, will stop a careless user) why can't you give the user regular permissions and "sudo" access to specific commands with a regular shell? Also see tecmint.com/disable-shutdown-and-reboot-commands-in-linux
    – davidgo
    Commented Oct 20, 2021 at 8:57
  • 1
    Also, bear in mind SysRq - matoski.com/article/emergency-reboot-shutdown-linux-sysrq
    – davidgo
    Commented Oct 20, 2021 at 9:00
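
An added example, not part of the original thread: a simplified Python check that contrasts the "allow all except" and "deny all except" styles from the comments when they are written as sudoers rules. The account names, the wrapper path and the sample rules are constructed, and the parser only handles simple user specifications, not aliases or includes.

```python
import re

# Constructed sample: "operator1", "operator2" and the wrapper path are hypothetical.
SAMPLE_SUDOERS = r"""
# "Allow all except": everything as root, minus a few named binaries.
operator1 ALL=(root) ALL, !/usr/sbin/shutdown, \
    !/usr/sbin/reboot, !/usr/bin/rm
# "Deny all except": only the listed commands, with fixed arguments.
operator2 ALL=(root) NOPASSWD: /usr/bin/ls -la /root, /usr/local/sbin/oper-kill ""
"""

USER_SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, ...
SKIP = ("#", "@", "Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def audit(text):
    """Return sorted (user, finding) pairs for simple user specifications."""
    findings = set()
    joined = re.sub(r"\\\n\s*", " ", text)  # fold backslash line continuations
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        user, spec = m.groups()
        cmds = [TAG.sub("", c.strip()) for c in spec.split(",")]
        negated = [c for c in cmds if c.startswith("!")]
        if "ALL" in cmds:
            # A "!" entry only matches that exact path; the sudoers manual itself
            # warns that subtracting commands from ALL is generally not effective.
            findings.add((user, "deny-list" if negated else "unrestricted"))
        for c in cmds:
            # In sudoers a command listed without arguments accepts any arguments;
            # a trailing "" means "no arguments allowed".
            if c.startswith("/") and " " not in c:
                findings.add((user, "any-args: " + c))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_SUDOERS):
        print(user, finding)
```

Only the `operator1` rule is reported; the `operator2` rule passes because every command is listed explicitly with its arguments pinned.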
