Monday, September 22, 2008

How to disable a specific command(s) for a certain user.

Please follow the below steps to disable a specific command(s) for a certain user.

# su - hari
$ which rm (Here rm command as an example)
$ mkdir ~/bin
$ ln -s /bin/* ~/bin/ (/bin is the PATH for rm)
$ rm -rf ~/bin/rm

Take the output of $PATH for this user

$ echo $PATH > MyPATH.txt
Edit this file and replace /bin with ~/bin

Login as root

$ su -
# cat /home/hari/MyPATH.txt >> /home/hari/.bashrc

Change the permission of /home/hari/.bashrc
# chmod 444 /home/hari/.bashrc
# chattr +i /home/hari/.bashrc


That's all.
But the user can reset the PATH variable anytime to overcome this.
Please comment with alternatives for this.