I agree with Gilles that disabling perl is not effective security; as there are numerous other ways you could be attacked (e.g., a python script; a bash script; a php script; an executable) and that restricting /usr/bin/perl
to certain users groups may have side effects (e.g., that program that calls a perl script as an ordinary user).
However as an aside, the straightforward way if you have an application in linux that you want to restrict to certain users, you first, create a group, then add users to that group. The following commands accomplish this in ubuntu (creating the perl group and adding user1, user2, user3 to it:
sudo addgroup perl
sudo adduser user1 perl
sudo adduser user2 perl
sudo adduser user3 perl
Now find where perl currently is (which perl
which on my system was /usr/bin/perl
) find what it's perl's ownership and permissions currently are (ls -l /usr/bin/perl
on ubuntu by default set to owned by user root and in group root) with everyone having read/execute permissions, which you should disable for other users unless they are in the perl group:
sudo chgrp perl /usr/bin/perl
sudo chmod o-rx /usr/bin/perl
Note that an attacker on your system who isn't a member of the perl group, if they can get to a terminal could upload their own version of the perl executable (or if you didn't remove read access to other users; they could have just copied it) to some local/tmp directory, set the executable bit on it (if they can run chmod
), and then use that run perl script's off their own executable.