| View previous topic :: View next topic |
| Author |
Message |
Joseph_sys
Advocate
Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB
|
 Posted: Sun Apr 01, 2007 4:47 pm Post subject: controlling which programs user can run |
 |
|
Is there an easy way to control which which programs user can run?
Example I want user to use Lynx instead to Firefox.
I suppose it can be done using groups, but I was hoping there is an easier way controlling it. |
|
| Back to top |
|
 |
phajdan.jr
Retired Dev
Joined: 23 Mar 2006
Posts: 1777
Location: Poland
|
| Posted: Sun Apr 01, 2007 6:48 pm Post subject: |
|
|
| Filesystem ACLs, maybe combined with trusted path execution from grsecurity kernel patch (included in hardened-sources). |
|
| Back to top |
|
|
BlackEdder
Advocate
Joined: 26 Apr 2004
Posts: 2588
Location: Dutch enclave in Egham, UK
|
| Posted: Sun Apr 01, 2007 7:57 pm Post subject: |
|
|
| Code: | mv /usr/bin/firefox /root/
ln -s /usr/bin/firefox /usr/bin/lynx |
|
|
| Back to top |
|
|
runningwithscissors
Guru
Joined: 21 Apr 2006
Posts: 454
Location: the third world
|
| Posted: Mon Apr 02, 2007 7:56 am Post subject: |
|
|
| only group execute bit on binaries? |
|
| Back to top |
|
|
Taladar
Guru
Joined: 09 Oct 2004
Posts: 458
Location: Bielefeld, Germany
|
| Posted: Mon Apr 02, 2007 8:00 pm Post subject: |
|
|
| I believe you also need to remove the read bit or users can still start the app with ld.so directly. |
|
| Back to top |
|
|
|
Gentoo Chat
