Is it possible in Linux to prevent ordinary users from executing commands?

A

Alexander Nazarov2017-09-12 02:03:16

Debian

Alexander Nazarov, 2017-09-12 02:03:16

Is it possible in Linux to prevent ordinary users from executing commands?
An ordinary user can execute commands: cp, rm and others like that.
Is there any way to ban them?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

E

Eldar01, 2017-09-12
@Eldar01

He will still have the ability to delete or copy through any other program, except for the shell, which you forbid.
You can prevent the user from deleting files or creating new ones (see chmod)

A

Alexey Cheremisin, 2017-09-12
@leahch

What problem are you trying to solve in this way?
The most reliable way is to drive the user into a chroot, and limit him to limits. But even here you will have to try hard, as there is, for example, stream redirection.

D

Denis Michurin, 2017-09-12
@denistu10

Write your own, for example with your own bledge ... commands and the necessary rights))

I

Ingvar, 2017-09-12
@take

Why limit? If there is still a root password reset, when physically accessing the keyboard. Even a child can handle it . I would not ban something even for ethical reasons. If it’s on business, can you look towards AppArmor / SELinux?