Shell restricted access

Michal G gonda.miso at gmail.com
Wed May 18 08:11:18 UTC 2016


It was just an example but I got the point. I mainly wanted to restrict
user access to as few commands as possible and "ls / cat" only their home
folder. Those are persons with no Linux experience whatsoever.
But thanks a lot for the help!

On Tue, May 17, 2016 at 5:31 PM, Jackmcbarn <jackmcbarn+bb at gmail.com> wrote:

> Why are you trying to hide the contents of /etc/passwd? It's designed so
> there are no security implications of it being readable by anyone (since
> everything sensitive is in /etc/shadow).
>
> On Tue, May 17, 2016 at 8:00 AM, Michal G <gonda.miso at gmail.com> wrote:
>
>> I will go this way then. But if I am correct I cannot change for example
>> read permissions for some files like /etc/passwd etc. to totally isolate
>> users so there is no way to prevent them from doing "cat /etc/passwd" or
>> similar. Is there any security flaw I should be aware of if I just create
>> those users and keep everything as it is without setting more file
>> permissions on the system? For binaries I will use setuid as you said.
>>
>>
>> On Fri, May 13, 2016 at 7:42 PM, Jackmcbarn <jackmcbarn+bb at gmail.com>
>> wrote:
>>
>>> The best approach here is to use file permissions to prevent them from
>>> accessing files and directories they shouldn't. If there need to be
>>> exceptions for certain programs, implement them as setuid binaries.
>>>
>>> On Wed, May 11, 2016 at 8:17 AM, Michal G <gonda.miso at gmail.com> wrote:
>>>
>>>> Hi,
>>>> I am using Buildroot with Busybox on my system and I would like to
>>>> implement some serious restrictions for the users. I have 3~4 more users
>>>> and each of them should have access only to their own folders and a couple
>>>> of shell scripts. I would use shell scripts to change the content of other
>>>> files. Nothing more.
>>>> Is it possible to achieve this in Buildroot ash? Or what would be the
>>>> best approach?
>>>> Thank you very much.
>>>>
>>>> BR
>>>> Michal Gonda
>>>>
>>>> _______________________________________________
>>>> busybox mailing list
>>>> busybox at busybox.net
>>>> http://lists.busybox.net/mailman/listinfo/busybox
>>>>
>
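
The file-permission approach recommended in this thread, sketched as an added example that is not part of any poster's message: it finds home directories that group or other can still read or enter, locks them to mode 700, and inventories setuid files so each exception can be reviewed. The function names and the demo tree are constructed for illustration; the script is plain POSIX sh so it also runs under BusyBox ash.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the demo
# directory layout are constructed for illustration.

# Print every directory directly under $1 that group or other can
# read, write or enter (any of the 077 permission bits set).
loose_homes() {
    find "$1"/* -prune -type d \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null | sort
}

# Make each home private to its owner (rwx for the user, nothing else).
# Symlinks are skipped so chmod never follows one out of the home base.
lock_homes() {
    for d in "$1"/*; do
        if [ -d "$d" ] && [ ! -L "$d" ]; then
            chmod 700 "$d"
        fi
    done
    return 0
}

# List setuid files under $1. Each one is a deliberate exception to the
# permission model and should be known and reviewed.
setuid_files() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Build a constructed demo tree in a temporary directory and print its path.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice" "$t/home/bob" "$t/home/carol" "$t/bin"
    chmod 755 "$t/home/alice"   # world-readable: should be reported
    chmod 700 "$t/home/bob"     # already private
    chmod 750 "$t/home/carol"   # group-readable: should be reported
    : > "$t/bin/helper"; chmod 4755 "$t/bin/helper"   # setuid exception
    : > "$t/bin/plain";  chmod 755  "$t/bin/plain"
    echo "$t"
}
```

On a real system, `loose_homes /home` and `setuid_files /` give the two lists to review before and after creating the restricted users.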

