Restrict sybase command stop_iq to certain linux users

0

I want to restrict access to stop_iq database shutdown utility to authorized users only under Linux, for example to the user 'dev' that belongs to group 'grp_dev'. I know the command is under this path:

/sybaseiq/IQ-15_4/bin64/stop_iq

And it could be also the same for start command:

/sybaseiq/IQ-15_4/bin64/start_iq

MSS

Posted 2015-07-29T15:58:48.340

Reputation: 139

Answers

1

If the file has no special setuid flags (i.e. ls -l stop_iq shows only a mix of the chars "rwx-" in the first field) you can simply, as root, chown dev stop_iq and chmod u=rx,og= stop_iq so only user dev can execute the file. This assumes no one else but you can sudo to root.

meuh

Posted 2015-07-29T15:58:48.340

Reputation: 4 273

Thanks. If I want to user "dev" can not execute the file? what would be the instruction? – MSS – 2015-07-30T14:25:04.957

@MSS for example, if you sudo chown root stop_iq and do the chmod also as above, then only root can run the program. Choose any user, like root, that is not "dev". – meuh – 2015-07-30T15:00:08.787

I need that root and sybase users can run the command stop_iq. The user dev and other users cannot perform that command. What would be the sequence of command I have to write?. Sorry, but I'm not an experienced linux user. – MSS – 2015-08-03T17:56:31.287

@MSS root can always read files, so to let sybase and root run a file, chown sybase stop_iq and chmod u=rx,og= stop_iq, then dev and others should not be able to read nor execute the file. – meuh – 2015-08-03T17:59:52.393

Asked: 2015-07-29T15:58:48.340

Viewed: 47 times

Active: 2015-07-29T19:00:32.063