AIX

  • 1.  newbie - user access restriction

    Posted Thu July 09, 2009 07:03 PM

    Originally posted by: rf0914


    I have to add a user to AIX. Part of my requirement is to restrict the user to their own dir (the user should not be able to leave their home dir).

    I also want to restrict the user's ability to perform certain commands via the command line (i.e. I only want them to be able to perform the "nmon" command).

    Is this possible and if so, how?

    Thanks
    #AIX-Forum


  • 2.  Re: newbie - user access restriction

    Posted Thu July 09, 2009 07:33 PM

    Originally posted by: cggibbo


    Well, for starters have a look at rksh.

    With a restricted shell a user cannot:
    • Change the current working directory.
    • Set the value of the SHELL, ENV, or PATH variable.
    • Specify the pathname of a command that contains a / (slash).
    • Redirect output of a command with > (right caret), >| (right caret, pipe symbol), <> (left caret, right caret), or >> (two right carets).

    If this is not enough, then you may need to look at chroot.
    #AIX-Forum


  • 3.  Re: newbie - user access restriction

    Posted Mon July 13, 2009 06:04 AM

    Originally posted by: SystemAdmin


    Another option, as an alternative to the previous, is to lock the user into their .profile. In this situation one can place a menu in the .profile giving them a selection menu of available tasks. Make sure to trap the .profile, so if the user attempts to escape, they are instantly logged off.

    The last command in the .profile should be an exit; which will log out the user. To be safe, one should also disable the user's FTP and ssh access, otherwise they could delete their .profile or run remote commands. I hope that you don't have any r-commands enabled. You could also make the user's directory and .profile the property of root:system.
    #AIX-Forum
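
The menu-in-.profile approach from the last reply, as an added example that is not part of the original thread: a constructed sample profile (trap, menu, trailing exit) and a check that a deployed profile still has those properties and cannot be edited by the restricted user. The function names, the menu layout and passing the user as a numeric UID are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and menu are assumptions.

# Write a constructed menu-only profile to the path given in $1.
write_sample_profile() {
    cat > "$1" <<'EOF'
# Any attempt to break out of the menu logs the session off.
trap 'exit 1' INT QUIT HUP TERM TSTP
while :; do
    echo "1) nmon"
    echo "q) log off"
    read choice || exit 0
    case $choice in
        1) nmon ;;
        q) exit 0 ;;
        *) echo "invalid selection" ;;
    esac
done
exit
EOF
}

# audit_locked_profile HOME_DIR NUMERIC_UID
# Prints one line per finding; returns 0 only when there are none.
audit_locked_profile() {
    home=$1 uid=$2 prof=$1/.profile findings=0
    [ -f "$prof" ] || { echo "missing $prof"; return 1; }
    for f in "$home" "$prof"; do
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
        set -- $(ls -ldn "$f")
        [ "$3" != "$uid" ] || { echo "$f is owned by the restricted user"; findings=1; }
        case $1 in
            ?????w*|????????w*) echo "$f is group- or world-writable"; findings=1 ;;
        esac
    done
    grep -q '^[[:space:]]*trap ' "$prof" || { echo "no trap in $prof"; findings=1; }
    # The last line that is neither blank nor a comment must be exit.
    last=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$prof" |
           tail -n 1 | sed 's/^[[:space:]]*//')
    case $last in
        exit|"exit "*) ;;
        *) echo "last command in $prof is not exit"; findings=1 ;;
    esac
    return $findings
}
```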