Hi,
is there a way to disable bash shell only for specific users?
Hi,
is there a way to disable bash shell only for specific users?
you can put them in a same group and change the environment .profile for that group.
But this does not prevent a user from calling bash inside his default shell or from a script.
for ex our user is test.
add a group which named bashxx
# groupadd bashxx
and add user to group
# usermod -G bashxx,test test
and mount with acl
# mount -o remount -o defaults,acl /
and be sure that there is not perm on bash
# setfacl -m g:bashxx:0 `which bash`
and they must not dowload any source file about bash
# su - test
$ bash
-ksh: bash: cannot execute [Permission denied]
after that for another users same process goes on..
# usermod -G bashxx,test2 test2
and then again for another users...
of course they should not dowload any source file about bash :rolleyes:
regards
ygemici
It is the other way round: ENable specific users for the shell:
This way you have disabled the usage of bash for all users not member of "bashusers". Of course you can't effectively disable it for user "root".
I hope this helps.
bakunin
Thanks for writing a follow-up.
Still, i'd like to warn you to think twice about using ACLs: in my experience using ACLs is uncessarily complicating the rights management process and in the long run it is better to stay away from using ACLs at all.
In most cases you can achieve your goals without ACLs and if this is possible you should go for it.
Just my 2 cents.
bakunin
I second what bakunin says about ACLs. I do not know an easy way to administer them so we were always looking for a way to leave them out.