How to limit the user's rights?

I

Ilya Trusov2016-01-18 03:31:45

linux

Ilya Trusov, 2016-01-18 03:31:45

Hello. A rather non-trivial task has appeared.
It is necessary to allow some users to download php, python, ruby scripts to a certain folder and run them from there. You can restrict visibility using chroot. Everything is clear here. But how to forbid them, for example, to reboot the server from the script? Is it possible to somehow limit everything that is possible with user rights, leaving only the ability to run the scripts themselves without any consequences for the server?
I hope I explained clearly. Thanks in advance.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vlad Zhivotnev, 2016-01-18
@artgrosvil

Here, no chroot is needed, but a properly configured jailkit.

P

Pavel K, 2016-01-18
@PavelK

Run the execution of scripts with the rights of a specific user -
after all, exactly what you create and nothing more will be available under the root.
I mean, for example, in order for shutdown to work in kchrute, there should be / sbin / shutdown and similarly for other commands.
You can, of course, disable dangerous functions in the php / ruby settings themselves, but then problems with scripts may arise.