
Prevent a list of Users from executing a file

There are many scenarios where you would not want a User or Users to execute a specific file.
For example, wget or perl might be binaries that you would not want Users to run.

In this example, we'll discuss how to use group permissions to prevent a group of Users from executing the file:

  1. First, we need to create a group that will be filled with Users.  Let's call this group noperl:

    groupadd noperl


  2. Next, we'll assign this group to the perl binary, and set its permissions such that no User in the noperl group can execute it:

    chgrp noperl /usr/bin/perl
    chmod 705 /usr/bin/perl

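    where, with the 705 permissions, the 0 portion specifies that the group on this file cannot do anything with it (can't read it, can't write to it, and can't execute it). The group class is checked before "other", so members of noperl are denied even though the final 5 gives everyone else read and execute access.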

  3. Lastly, add any Users to this group who should not be allowed to execute perl:

    usermod -a -G noperl apache
    usermod -a -G noperl fred
    usermod -a -G noperl george

    where apache, fred, and george cannot run /usr/bin/perl.

This guide can be applied to other binaries as needed, but make sure that you don't block any Users which actually need to use the given binary.

  1. If you want to automate the adding of newly created Users to this group, create the file:

    /usr/local/directadmin/scripts/custom/user_create_post.sh

    and add the code

    #!/bin/sh
    /usr/sbin/usermod -a -G noperl "$username" 2>&1
    RET=$?
    exit $RET

    and chmod the script to 755.
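A package update that reinstalls the binary can restore its packaged group and mode, which silently removes the restriction set in step 2. The following audit script is an added example, not part of the original article; it assumes GNU coreutils `stat`, and the function names `check_group_deny` and `user_in_group` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): audit the group-deny setup.
# Assumes GNU coreutils stat; function names are hypothetical.

# check_group_deny FILE GROUP
# Returns 0 only if FILE is group-owned by GROUP and the group class has
# no read/write/execute bits (the middle 0 in 705).
check_group_deny() {
    file=$1
    group=$2
    if [ ! -e "$file" ]; then
        echo "FAIL: $file does not exist" >&2
        return 1
    fi
    # -L follows symlinks, because chgrp and chmod changed the link target.
    file_group=$(stat -L -c '%G' "$file") || return 1
    mode=$(stat -L -c '%a' "$file") || return 1
    if [ "$file_group" != "$group" ]; then
        echo "FAIL: $file has group $file_group, expected $group" >&2
        return 1
    fi
    # Read the octal mode and isolate the group digit (bits 3-5).
    group_bits=$(( (0$mode >> 3) & 7 ))
    if [ "$group_bits" -ne 0 ]; then
        echo "FAIL: $file mode $mode grants the group access" >&2
        return 1
    fi
    return 0
}

# user_in_group USER GROUP
# Returns 0 if the account database lists GROUP for USER. Processes that were
# already running keep their old group list until they are restarted.
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Typical use, e.g. from cron after package updates:
#   check_group_deny /usr/bin/perl noperl || echo "perl restriction lost"
#   user_in_group apache noperl || echo "apache is not restricted"
```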
