Prevent SSH users from accessing "Top" and other commands

Boboss

Active Member
May 26, 2003
28
0
151
Can someone indicate how to ensure that users do not get access to commands such as "top", "ps", etc.?

Thanks.
 

jayh38

Well-Known Member
Mar 3, 2006
1,213
0
166
The best and easiest way, don't give ssh jailshell.

I never do on any server. There is enough power via cpanel, cse script, ftp scripts etc.
Everything a user needs can be done through a gui.

just my opinion. And if a user demands it, then they can also deman another
provider because thats something I definitely will not provide.

good luck
 

Spiral

BANNED
Jun 24, 2005
2,020
8
193
I don't recommend giving any kind of shell access to any user ....

However to answer your question, you can set owner "root:root"
and permissions "700" on any program you want accessible
by root only.

While I don't see a problem with things such as 'ps' and 'top'
doing this, you should be advised that restricting some commands
could feasible break scripts that depend on those commands.
 

kevinm

Member
Feb 22, 2006
19
0
151
Another way to achieve this without having to go setting permissions about the fil system in a draconian way is to install a role based access control (RBAC) , the grsec kernel patches has a good rbac included in them . ( http://www.grsecurity.net/ ) It needs a kernel recompile , however once you have the least privilege policies created, then you can move this policy to any server with a few copy operations .