View previous topic :: View next topic |
Author |
Message |
Joseph_sys Advocate
Joined: 08 Jun 2004 Posts: 2712 Location: Edmonton, AB
|
Posted: Sun Apr 01, 2007 4:47 pm Post subject: controlling which programs user can run |
|
|
Is there an easy way to control which which programs user can run?
Example I want user to use Lynx instead to Firefox.
I suppose it can be done using groups, but I was hoping there is an easier way controlling it. |
|
Back to top |
|
|
phajdan.jr Retired Dev
Joined: 23 Mar 2006 Posts: 1777 Location: Poland
|
Posted: Sun Apr 01, 2007 6:48 pm Post subject: |
|
|
Filesystem ACLs, maybe combined with trusted path execution from grsecurity kernel patch (included in hardened-sources). |
|
Back to top |
|
|
BlackEdder Advocate
Joined: 26 Apr 2004 Posts: 2588 Location: Dutch enclave in Egham, UK
|
Posted: Sun Apr 01, 2007 7:57 pm Post subject: |
|
|
Code: | mv /usr/bin/firefox /root/
ln -s /usr/bin/firefox /usr/bin/lynx |
|
|
Back to top |
|
|
runningwithscissors Guru
Joined: 21 Apr 2006 Posts: 454 Location: the third world
|
Posted: Mon Apr 02, 2007 7:56 am Post subject: |
|
|
only group execute bit on binaries? |
|
Back to top |
|
|
Taladar Guru
Joined: 09 Oct 2004 Posts: 458 Location: Bielefeld, Germany
|
Posted: Mon Apr 02, 2007 8:00 pm Post subject: |
|
|
I believe you also need to remove the read bit or users can still start the app with ld.so directly. |
|
Back to top |
|
|
|