> On Fri, Nov 05, 2004 at 07:53:33PM +0200, [EMAIL PROTECTED] wrote:
>> >In regards to the latter method, would it be possible for me to change
>> >the group ownership of the commands I don't want users to have access to
>> >and revoke execute permission from that group?
>>
>> Yes, you can make something like that: addgroup(access), then change
>> groupname of commands that you want with that group (access), remember to
>> remove "execute/search by others" from commands that are with
>> group(access), also don't forget to add group(access) to every user that
>> you want to have access to these commands.
>
> The only problem with this approach would be that you'd revoke it from
> system accounts too, not just your users. It might break in unexpected
> places.
>
> It seems to me that this should be possible with SELinux. What you need
> would be a role for your users where they are only able to run the
> commands you want them to run, whereas system accounts would remain
> unblocked.

You just need to add group(access) to those system accounts that you want, or that you think will break in unexpected places... Don't you think?

--------------------------------------------------------------
SELLINET Internet Services Provider - http://www.sellinet.net/
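An added example, not part of the original thread: a pre-change check that lists which accounts would lose execute access once a root-owned command is given group "access" and mode 0750, so the system accounts raised in the quoted objection can be reviewed before the permissions are changed. The function name `locked_out`, the sample accounts, GID 500 and the UID-below-1000 rule for system accounts are assumptions made for this illustration.

```shell
# Added example with constructed data; not from the original thread.
# Assumption: accounts with a UID below 1000 are system accounts
# (a common distribution default; adjust the threshold for your system).

# locked_out GROUP PASSWD_FILE GROUP_FILE
# Prints one "kind name" line for every account that could no longer
# execute a root-owned, mode-0750 command whose group is GROUP.
locked_out() {
    awk -F: -v grp="$1" '
        # First file (group): remember the GID and listed members of grp.
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        # Second file (passwd): root owns the command, so it keeps access.
        $3 == 0 { next }
        # Access survives through the primary GID or a supplementary membership.
        gid != "" && ($4 == gid || ($1 in member)) { next }
        { kind = ($3 < 1000) ? "system" : "user"; print kind, $1 }
    ' "$3" "$2"
}

# Constructed sample data standing in for /etc/passwd and /etc/group.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
root:x:0:
access:x:500:alice,backup
EOF
locked_out access "$tmp/passwd" "$tmp/group"
```

Lines marked "system" are the accounts to check against the commands being restricted; "user" lines are the accounts the restriction is meant to cover.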