Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Restricting user for cron commands

LeviLevi Member
edited February 2022 in Help

So, I have interesting job to create cronjob management system for server users. Example:

john
dave
lucas
....

Wondering, how to prevent those users to run something like this in CRON:

* * * * * "rm -rf /"

I need to limit their access only to php, cURL and wget.

Comments

  • cmeerwcmeerw Member

    If a user can do damage using rm, limiting the user to wget or similar doesn't change much.

  • ZerpyZerpy Member

    Just only expose the commands to users you want to allow.
    Obviously there's nothing that prevents a user from writing a PHP script that loops over the filesystem and unlink it.

    But then again, rm -rf / should ever only screw their own account, right?

    Thanked by 2yoursunny bulbasaur
  • LeviLevi Member

    @cmeerw said:
    If a user can do damage using rm, limiting the user to wget or similar doesn't change much.

    Fair point. Than how to limit user just to particular set of commands?

  • ask_seek_knockask_seek_knock Member
    edited February 2022

    I had intended to say "Why not Google it yourself?",
    but after Googling manually, I found this is an interesting question.
    How to limit user commands in Linux [closed]

  • cmeerwcmeerw Member

    @LTniger said: Fair point. Than how to limit user just to particular set of commands?

    I wouldn't focus too much on (shell) commands, but on capabilities, so would use something like firejail to restrict what the user can do.

  • jon617jon617 Veteran
    edited February 2022

    @LTniger said: I have interesting job to create cronjob management system for server users. I need to limit their access only to php, cURL and wget.

    If other options fail, programming a wrapper for cron may be an option. Give users access to edit a cron-like text file in the home directory, then have root's cron su to the user and run allowed commands in their file.

    As others noted though, if a user does something destructive, it only ruins directories they have write permissions. That's why we have users & permissions.

  • LeviLevi Member

    Does anyone have a clue how Directadmin handles user access? It is some sort of a jail (not cagefs).

Sign In or Register to comment.