While working on redis server, I come to know there is an option to rename you scracy command to avoid accidental update. Is there any option for bash i.e., Ubuntu Linux especially shutdown, rm and reboot commands. While Googleing, I have found some options such as update .bashrc etc., but I want a global way, as there can be many users or one can edit his .bashrc file.
Asked
Active
Viewed 238 times
0
-
Typically what you're asking for should probably be done, not by hiding commands, but by setting relevant permissions on users so people who can be expected to accidentally shutdown servers or remove important files don't have the rights to do so. – Mikael H Jan 31 '19 at 11:46
-
1What do you mean by "scracy"? This doesn't appear to be an English word or a term relevant to IT. – Michael Hampton Jan 31 '19 at 13:35
-
I have updated the statement. There was a typo – Hafiz Muhammad Shafiq Feb 01 '19 at 05:22
2 Answers
3
shutdown, rm and reboot commands
rm is required for a POSIX environment. If you don't want a user to delete a file, remove their write permission on the directory containing it, and don't give them root user access.
one can edit his .bashrc file
If you are going to launch a captive menu or restricted environment, don't allow users to edit their .profile or .bashrc files. Instead, via ssh access, the more secure way to force someone to only run one command is with ForceCommand.
To prevent any user from rebooting until it is "unlocked", consider altering systemd services to insert a dependency that is not met. An example implementation is in the RHEL KB: systemd: How to prevent root from rebooting until a prescribed action is taken and there is another implementation called reboot-guard.
If polkit is in use, which it probably is for a GUI, an alternative is writing rules to supress events like "org.freedesktop.consolekit.system.restart" for not privileged users.
If your users can run in a restricted environment, force them to use a container or chroot for everything. You have to provide the software environment here, so it isn't global to the host. But it is isolated.
John Mahowald
- 32,050
- 2
- 19
- 34
-1
Don't modify system command directly. avoiding such conflicts, you create alias for shutdown command.
$ sudo vi .bashrc
alias anyname='shutdown'
[save and exit]
$ . .bashrc
$ anyname
Yogesh
- 1
-
1The OP explicitly states that he does NOT want to us `.bashrc`. – Gerald Schneider Feb 01 '19 at 08:16
-
1apart from that, this will not remove `shutdown`. It will only add an additional command that does the same. – Gerald Schneider Feb 01 '19 at 08:17