Limit a user on AIX

edosseh · December 16, 2010, 2:02pm

Hello,

Sorry for my poor English.
I have to reduce rights for a user on AIX system so that:

When he does
[quote]
df -g
[/quote]
, he find in output, only filesystems on which he has permissions
.He can't do
[quote]
su
[/quote]
to change user.

Very thanks for helping.

purdym · December 20, 2010, 1:16pm

Did you find a solution yet? This is possible.

Example of what I think you want:

unxm1:/u/purdym>df -g
Filesystem    GB blocks      Free %Used    Iused %Iused Mounted on
...
df: /iqprod/logs: The file access permissions do not allow the specified action.
/dev/iq_asadb_lv
df: /iqprod/asadb: The file access permissions do not allow the specified action.
...

The owner of the filesystem must not be the user you are trying to limit.
The user you are trying to limit must not have group rwx to the filesystem.

Ex:

unxm1:/u/purdym>ls -lad /iqprod
drwx------  4 sybaseiq infrmtcs 4.0K 18 May 2006 12:22 /iqprod

Above, only the owner 'sybaseiq' can access the filesytem. Note no group or other permission on /iqprod.

Please be careful before you remove group and other permissions from your mount points.

jgt · December 20, 2010, 2:09pm

An alternative might be to add a /custom/bin directory to the beginning of his PATH so that a restricted version of df is run instead of the one in /bin or /usr/bin.