Sometimes you may need to prevent users from running certain commands in their Linux systems, for purpose of security. There are several ways to do this. In this article, we will learn how to disable commands in Linux and limit user commands.
How to Disable Commands in Linux
We have assumed that the users have their home directory at /home/[username] and that they use bash shell /bin/bash by default.
Here are the different ways to disable commands in Linux. You need to be logged in as root or administrator to be able to perform the following steps.
1. Change User’s Bash Shell to Restricted Mode
Bash shell can be operated in restricted mode that prevents users from running commands they are not authorized to run, or can compromise security. If restricted bash is not enabled for your user, you can enable it with the following command.
$ chsh -s /bin/rbash [username]
2. Change Home Directory Permissions
You can also change the permissions of user’s home directory so that only the user is able to make changes to it and other users are not able to run commands to modify the directory. Here is the command to update directory permissions of user’s home directory.
$ chmod 755 /home/[username]
3. Create bash_profile file
You can also disable certain command by creating aliases for those commands such that they don’t perform the expected action when run. Here is an example of .bash_profile file where we have created alias for apt-get command typically used to install software. Create an empty file if it doesn’t exist.
$ vi ./.bash_profile
Add the following lines to it.
alias apt-get="printf ''"
In the above command, we have set an alias for command apt-get to simply print null string and do nothing else. This effectively disables the command. Here are some more aliases to add.
alias aptitude="printf ''" alias vi="vi -Z" #vi's safe mode and shell commands won't be run from within vi alias alias="printf ''"
4. Change .bash_profile ownership
Once you have created the required aliases to disable commands, change ownership of .bash_profile to root.
$ chown root:root /home/[username]/.bash_profile
Finally, remove write permission to user’s bash_profile so that they are not able to edit it.
$ chmod 755 /home/[username/.bash_profile]
In this article, we have learnt how to disable commands in Linux. You can use these steps to restrict users from executing unauthorized commands on their system. It is a good way to secure your system.
Also read:
How to Install Printer in Ubuntu via GUI
How to Increase SSH Connection Limit in Linux
How to Disable Root Login in Linux
How to Disable Su Access to Sudo in Linux
How to Install Printer in Ubuntu via Terminal
Related posts:
Sreeram has more than 10 years of experience in web development, Python, Linux, SQL and database programming.