APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

restricted user


From: johnd@sco.COM (John DuBois)
Subject: Re: Creating user with major restrictions
Date: 12 Feb 2001 21:07:21 GMT
References: <slXh6.561$_O.16972@insync> 

In article <slXh6.561$_O.16972@insync>, Chris lamb <cplamb@ssallc.com> wrote:
+I would like to set up a user within SCO OpenServer 5.0.5 with read-only
+permissions anywhere they go on the server. Is this possible, even if misc.
+files on the box have 'other' writeable permissions? I just want the user to
+be able to view data and change directories, but do nothing else. So far, I
+haven't had any luck and was hoping someone could help.

Only for extremely restricted purposes.  The closest you could come to this
would be to set the user's ulimit to 0.  That controls the maximum offset in a
regular file that a process owned by the user is allowed to write at.  They
would still be able to write to device nodes and pipes - fortunately, else the
login wouldn't be much use (not being able to write to their tty, for example).

But, this is liable to cause lots of problems.  Various applications like to
write to logfiles and such, and any spawned processes inherit the user's ulimit
(regardless of whether they run under a different uid or not), so if they
don't change it (and most don't), they won't be able to write to their

Depending on what your actual application is, you might want to experiment with
it.  Note that the default action upon receiving SIGXFSZ (attempt to write
beyond ulimit) is to dump core.  The interface that the Bourne shell (/bin/sh)
uses to set the ulimit also sets the corefile limit to 0, so (under 5.0.5) you
won't get corefiles (under certain earlier releases you'll get a 0-length
corefile).  If the user uses the Korn shell (ksh) or various other shells, a
different interface is used that sets only the filesize limit - but the reason
is that these shells also let you set the corefile limit.  If the user uses one
of these shells, be sure to set the corefile limit to 0 else you are liable to
end up with corefiles littered about.  

John DuBois     johnd@sco.com       KC6QKZ/AE
I wish to God these calculations had been executed by steam. - Charles Babbage
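
The behaviour described in the post above, as an added example that is not part of the original message. It assumes a POSIX shell on a present-day Unix-like system rather than OpenServer 5.0.5; the function names and the temporary file are made up for the demonstration.

```shell
#!/bin/sh
# Added illustration (constructed); function names and paths are hypothetical.

# Run a command line under filesize limit 0 and corefile limit 0. The subshell
# keeps the calling shell's own limits untouched.
run_restricted() {
    (
        ulimit -c 0    # corefile limit 0: no corefile if SIGXFSZ kills a writer
        ulimit -f 0    # filesize limit 0: no write past offset 0 of a regular file
        sh -c "$1"     # spawned processes inherit both limits
    )
}

demo_dir=$(mktemp -d)
DEMO_FILE=$demo_dir/out.txt
export DEMO_FILE
trap 'rm -rf "$demo_dir"' EXIT

# Exit status of a spawned process that tries to write a regular file.
# Non-zero: killed by SIGXFSZ, or a write error if that signal is ignored.
file_write_status() {
    st=0
    run_restricted 'echo data | cat > "$DEMO_FILE"' 2>/dev/null || st=$?
    echo "$st"
}

# Size in bytes of the file the restricted writer was aiming at.
blocked_file_size() {
    wc -c < "$DEMO_FILE" | tr -d ' '
}

# Pipes are not regular files, so this write goes through.
pipe_write_output() {
    run_restricted 'echo still-works' | cat
}

echo "regular-file write exit status: $(file_write_status)"
echo "bytes that reached the file:    $(blocked_file_size)"
echo "write to a pipe produced:       $(pipe_write_output)"
```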
