On 06.11.2004 00:35 Stephen Le wrote:
Is there an easy way to limit the commands a certain group of users can execute?
Indeed. A chroot would only apply to a user if they were logged into the system. Let's say I wanted to prevent users executing the command "bad_command". Well, if "bad_command" was not available to a user in their chroot, they wouldn't be able to execute it. However, a user might write a Perl script that contained the following line:
system("bad_command");
If they got Apache to execute the script, the "bad_command" would be run. This is the reason why I'm trying to approach this problem from a permissions standpoint.
RSBAC could solve that easily, I prefer the RC module. Default is neither Apache nor the user is allowed to execute anything. Give the commands the user is allowed to execute a new RC type and give the user and Apache execute rights on that type.
Thomas
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]