0

I want to restrict access to stop_iq database shutdown utility to authorized users only under Linux, for example to the user 'dev' that belongs to group 'grp_dev'. I know the command is under this path:

/sybaseiq/IQ-15_4/bin64/stop_iq

And it could be also the same for start command:

/sybaseiq/IQ-15_4/bin64/start_iq

MSS
  • 159
  • 1
  • 2
  • 7

1 Answers1

1

If the file has no special setuid flags (i.e. ls -l stop_iq shows only a mix of the chars "rwx-" in the first field) you can simply, as root, chown dev stop_iq and chmod u=rx,og= stop_iq so only user dev can execute the file. This assumes no one else but you can sudo to root.

meuh
  • 6,119
  • 1
  • 20
  • 26
  • Thanks. If I want to user "dev" can not execute the file? what would be the instruction? – MSS Jul 30 '15 at 14:25
  • @MSS for example, if you `sudo chown root stop_iq` and do the `chmod` also as above, then only root can run the program. Choose any user, like root, that is not "dev". – meuh Jul 30 '15 at 15:00
  • I need that `root` and `sybase` users can run the command `stop_iq`. The user `dev` and other users cannot perform that command. What would be the sequence of command I have to write?. Sorry, but I'm not an experienced linux user. – MSS Aug 03 '15 at 17:56
  • @MSS root can always read files, so to let sybase and root run a file, `chown sybase stop_iq` and `chmod u=rx,og= stop_iq`, then dev and others should not be able to read nor execute the file. – meuh Aug 03 '15 at 17:59