APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

restricted user

© December 2004 (various authors)

What is this stuff?

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

From: johnd@sco.COM (John DuBois)
Subject: Re: Creating user with major restrictions
Date: 12 Feb 2001 21:07:21 GMT
References: <slXh6.561$_O.16972@insync> 

In article <slXh6.561$_O.16972@insync>, Chris lamb <cplamb@ssallc.com> wrote:
+I would like to set up a user within SCO OpenServer 5.0.5 with read-only
+permissions anywhere they go on the server. Is this possible, even if misc.
+files on the box have 'other' writeable permissions? I just want the user to
+be able to view data and change directories, but do nothing else. So far, I
+haven't had any luck and was hoping someone could help.

Only for extremely restricted purposes.  The closest you could come to this
would be to set the user's ulimit to 0.  That controls the maximum offset in a
regular file that a process owned by the user is allowed to write at.  They
would still be able to write to device nodes and pipes - fortunately, else the
login wouldn't be much use (not being able to write to their tty, for example).

But, this is liable to cause lots of problems.  Various applications like to
write to logfiles and such, and any spawned processes inherit the user's ulimit
(regardless of whether they run under under a different uid or not), so if they
don't change it (and most don't), they won't be able to write to their

Depending on what your actual application is, you might want to experiment with
it.  Note that the default action upon receiving SIGXFSZ (attempt to write
beyond ulimit) is to dump core.  The interface that the Bourne shell (/bin/sh)
uses to set the ulimit also sets the corefile limit to 0, so (under 5.0.5) you
won't get corefiles (under certain earlier releases you'll get a 0-length
corefile).  If the user uses the Korn shell (ksh) or various other shells, a
different interface is used that sets only the filesize limit - but the reason
is that these shells also let you set the corefile limit.  If the user uses one
of these shells, be sure to set the corefile limit to 0 else you are liable to
end up with corefiles littered about.  

John DuBois     johnd@sco.com       KC6QKZ/AE
I wish to God these calculations had been executed by steam. - Charles Babbage

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> restricted user ––>Re: Creating user with majorrestrictions

Inexpensive and informative Apple related e-books:

Are Your Bits Flipped?

Take Control of Pages

Take Control of Numbers

Take Control of Apple Mail, Third Edition

Digital Sharing Crash Course

Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

If you don't know anything about computers, just remember that they are machines that do exactly what you tell them but often surprise you in the result. (Richard Dawkins)

Linux posts

Troubleshooting posts

This post tagged:


Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode

SCO Unix Sales, Support, & Service

Phone:  707-SCO-UNIX (707-726-8649Toll Free: 833-SCO-UNIX (833-726-8649)