You can limit the privileges that are available to a user or role by reducing the basic set, or by reducing the limit set. You should have good reason to limit the user's privileges in this way, because such limitations can have unintended side effects.
You should thoroughly test any user's capabilities where the basic set or the limit set has been modified for a user.
When the basic set is less than the default, users can be prevented from using the system.
When the limit set is less than all privileges, processes that need to run with an effective UID=0 might fail.
Determine the privileges in a user's basic set and limit set.
For the procedure, see How to Determine the Privileges on a Process.
(Optional) Remove one of the privileges from the basic set.
$ usermod -K defaultpriv=basic,!priv-name username
By removing the proc_session privilege, you prevent the user from examining any processes outside the user's current session. By removing the file_link_any privilege, you prevent the user from making hard links to files that are not owned by the user.
Do not remove the proc_fork or the proc_exec privilege. Without these privileges, the user would not be able to use the system. In fact, these two privileges are only reasonably removed from daemons that should not fork() or exec() other processes.
(Optional) Remove one of the privileges from the limit set.
$ usermod -K limitpriv=all,!priv-name username
Test the capabilities of username.
Log in as username and try to perform the tasks that username must perform on the system.
In the following example, all sessions that originate from jdoe's initial login are prevented from using the sys_linkdir privilege. That is, the user cannot make hard links to directories, nor can the user unlink directories, even after the user runs the su command.
$ usermod -K limitpriv=all,!sys_linkdir jdoe
$ grep jdoe /etc/user_attr
jdoe::::type=normal;defaultpriv=basic;limitpriv=all,!sys_linkdir
In the following example, all sessions that originate from jdoe's initial login are prevented from using the proc_session privilege. That is, the user cannot examine any processes outside the user's session, even after the user runs the su command.
$ usermod -K defaultpriv=basic,!proc_session jdoe
$ grep jdoe /etc/user_attr
jdoe::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all
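The following is an added audit script, not part of the original documentation, that reads user_attr entries in the format shown in the examples above and reports which privileges have been removed from each user's basic set (defaultpriv) and limit set (limitpriv). It also applies the caveat from the procedure: removing proc_fork or proc_exec from the basic set leaves the user unable to use the system, so such entries are flagged. The three user_attr lines are constructed sample data embedded inline (in a real check you would read /etc/user_attr), and the user names jdoe, mwong and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: audit user_attr privilege settings. The sample below is
# constructed; on a Solaris system you would read /etc/user_attr instead.
USER_ATTR_SAMPLE='jdoe::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all
mwong::::type=normal;defaultpriv=basic,!proc_fork;limitpriv=all,!sys_linkdir
root::::type=normal;auths=solaris.*;profiles=All'

# attr_value USER KEY
# Prints the value of KEY (for example defaultpriv) in USER's entry.
# user_attr fields are user:qualifier:res1:res2:attr, and attr is a
# semicolon-separated list of key=value pairs. Prints nothing if unset.
attr_value() {
    printf '%s\n' "$USER_ATTR_SAMPLE" | awk -F: -v u="$1" -v k="$2" '
        $1 == u {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                split(kv[i], p, "=")
                if (p[1] == k) { print substr(kv[i], length(k) + 2); exit }
            }
        }'
}

# removed_privs USER KEY
# Lists the privileges negated with "!" in that key, one per line.
removed_privs() {
    attr_value "$1" "$2" | tr ',' '\n' | sed -n 's/^!//p'
}

# check_user USER
# Returns 0 if the basic set still contains proc_fork and proc_exec,
# 1 (with a warning) if either has been removed, since the user could
# not run a login shell or any command without them.
check_user() {
    for p in $(removed_privs "$1" defaultpriv); do
        case "$p" in
            proc_fork|proc_exec)
                echo "WARNING: $1: $p removed from basic set; user cannot use the system"
                return 1 ;;
        esac
    done
    return 0
}

# report_user USER
# Prints the basic-set and limit-set removals for USER.
report_user() {
    echo "$1: basic set removes: $(removed_privs "$1" defaultpriv | tr '\n' ' ')"
    echo "$1: limit set removes: $(removed_privs "$1" limitpriv | tr '\n' ' ')"
}

for u in jdoe mwong root; do
    report_user "$u"
    check_user "$u" || true
done
```

The limit-set check is deliberately informational only: as the procedure notes, a reduced limit set can break processes that need an effective UID of 0, but which ones depends on what the user actually does, so that is confirmed by the login test in step 4 rather than by parsing user_attr.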