AIX

  • 1.  **how to restrict a specific user to certain command**

    Posted Fri May 09, 2008 07:53 PM

    Originally posted by: Sam_k


    Folks... I am on AIX 5.3... Please suggest a possible way to restrict a specific user to specific commands, e.g. I want to restrict only one user to cp, mv etc., allowing others... Any way to edit .profile in the home dir OR modify permissions on the cmd itself (doesn't sound attractive though)?
    #AIX-Forum


  • 2.  Re: **how to restrict a specific user to certain command**

    Posted Fri May 09, 2008 11:00 PM

    Originally posted by: orphy


    Well, UNIX was written with openness in mind so I'm not sure if there's an easy way to do what you are asking for. What's the reason to restrict these basic commands? If you only want the user to do very specific things, would a restricted shell be acceptable? If so, you might be able to fix his/her .profile and make it owned by root so that the user is not able to run these (and pretty much all other) commands.
    Orphy
    #AIX-Forum


  • 3.  Re: **how to restrict a specific user to certain command**

    Posted Mon May 12, 2008 09:39 AM

    Originally posted by: SystemAdmin


    You might consider "sudo", but that can become an admin nightmare. We use it to allow the DBAs to start and stop Oracle Cluster Ready Services, since those processes are owned by the root user.

    http://en.wikipedia.org/wiki/Sudo
    #AIX-Forum


  • 4.  Re: **how to restrict a specific user to certain command**

    Posted Mon May 12, 2008 10:14 AM

    Originally posted by: Sam_k


    Thanks for the responses... This was a requirement to give read-only access to source code (third-party vendor-supplied app customized per need).

    This is what I did:
    • Created a user w/ restricted shell.
    • Removed /usr/bin from his .profile.
    • Copied only the required commands to $home/bin of the user, such as ls, more etc.
    • chown his .profile by root.
    • Added the user to a grp and gave read, execute credentials to the grp.
    • Use of su to the user (sudo su user to avoid pwd) for those who want to read the code.
    Sam
    #AIX-Forum
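
An audit of the setup listed in post 4, as an added example that is not part of the original thread or any poster's code. The function names, the allowlist argument and the trusted-uid argument are hypothetical; the checks on the home directory's owner and on /bin and the sbin directories go beyond what the post lists and are assumptions about what the setup should also hold.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not the poster's code).
# Usage: audit_restricted_home HOME_DIR "allowed cmds" [TRUSTED_UID, default 0]
# Prints one FINDING line per problem; returns 0 when clean, 1 otherwise.
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }
perms()     { ls -ldn "$1" | awk '{print $1}'; }

# True when group or other has write permission (mode string columns 6 and 9).
loosely_writable() {
    case "$(perms "$1")" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

audit_restricted_home() {
    home=$1 allow=$2 trusted=${3:-0} rc=0
    finding() { echo "FINDING: $*"; rc=1; }

    # .profile and the directory holding it must belong to the trusted uid,
    # otherwise the restricted user can edit or replace the PATH setup.
    for f in "$home" "$home/.profile"; do
        [ -e "$f" ] || { finding "$f missing"; continue; }
        [ "$(owner_uid "$f")" = "$trusted" ] || finding "$f not owned by uid $trusted"
        loosely_writable "$f" && finding "$f is group/other writable"
    done

    # PATH in .profile must not bring the system directories back.
    if grep -E '^[^#]*PATH=' "$home/.profile" 2>/dev/null |
           grep -E '[=:"]/(usr/)?s?bin/?([:"; ]|$)' >/dev/null; then
        finding ".profile PATH includes a system bin directory"
    fi

    # Only allowlisted commands may sit in the account's bin directory.
    for cmd in "$home"/bin/*; do
        [ -e "$cmd" ] || continue
        case " $allow " in
            *" $(basename "$cmd") "*) ;;
            *) finding "$(basename "$cmd") in bin is not on the allowlist" ;;
        esac
    done
    return $rc
}

# Constructed demo: a deliberately loose home that fails several checks.
demo=${TMPDIR:-/tmp}/rsh_audit_demo.$$; mkdir -p "$demo/bin"; : > "$demo/bin/cp"
printf 'PATH=/usr/bin:$HOME/bin\n' > "$demo/.profile"
audit_restricted_home "$demo" "ls more" || echo "audit reported findings"
rm -rf "$demo"
```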


  • 5.  Re: **how to restrict a specific user to certain command**

    Posted Mon May 12, 2008 10:07 PM

    Originally posted by: SystemAdmin


    Try setting the user up with a restricted shell. You can get the documentation on how to configure the user's shell off the IBM site.
    #AIX-Forum