• Italiano
  • English
  • Pусский
  • Español
console commands linux

How to restrict users from running chmod 777

1 feb 2024 2 min di lettura
How to restrict users from running chmod 777
Indice dei contenuti

Introduction

Creating a custom script wrapper for chmod can help you manage and limit the use of certain chmod commands, for example by preventing 777 permissions from being set. Below is a basic example of how to create such a script in Ubuntu or any other Linux based system.

  1. Create the script: you will create a script called safe_chmod and place it in a directory like /usr/local/bin the one commonly found in the user's $PATH.
  2. Contents of the script:
    • The script will check the specific permission pattern (for example, 777) and display a warning message if that pattern is used.
    • It will run the normal chmod command for all other cases.
  3. Make the script executable: After creating the script, you will need to make it executable.
  4. Create an alias - Create an alias of safe_chmod for chmod in login/non-login scripts

Here is a step by step guide:

Step 1: Create the script

Open a terminal and use a text editor to create the script. For example, using nano:

sudo nano /usr/local/bin/safe_chmod

Add the following content to the file:

#!/bin/bash
 # Custom script wrapper for chmod to prevent setting 777 permissions

 # Check if any of the arguments is '777'
 for arg in "$@"; do
 if [ "$arg" == "777" ]; then
 echo "Error: Setting 777 permissions is not allowed for security reasons."
 exit 1
 fi
 done

 # If 777 is not found, execute the original chmod command with all arguments
 /bin/chmod "$@"

Step 2: Make the script executable

Save and close the file. Then, make the script executable:

sudo chmod +x /usr/local/bin/safe_chmod

Step 3: Alias ​​the chmod command

In order for the script to effectively replace the chmod command, you can create a chmod alias on safe_chmod. This can be done by editing the `.bashrc` or `.bash_profile` files for each user or globally in `/etc/bash.bashrc`:

echo "alias chmod='/usr/local/bin/safe_chmod'" >> ~/.bashrc
source ~/.bashrc

Conclusion and considerations

This wrapper script method is a simple and effective way to prevent the use of chmod 777, improving the security of your Linux systems. However, it is important to note that this method is not foolproof. Users with sufficient permissions can bypass this restriction, and it does not break direct invocations of /bin/chmod unless the alias is active.

Therefore, this strategy should be part of a broader security approach that includes user training, appropriate system administration practices, and regular audits. Remember, best security practices involve multiple layers of protection to safeguard your system effectively.

Support us with a

Successivamente, completa il checkout per l'accesso completo a Noviello.it.
Bentornato! Accesso eseguito correttamente.
Ti sei abbonato con successo a Noviello.it.
Successo! Il tuo account è completamente attivato, ora hai accesso a tutti i contenuti.
Operazione riuscita. Le tue informazioni di fatturazione sono state aggiornate.
La tua fatturazione non è stata aggiornata.