
The Geek Diary


How to disable a specific command for a specific user in Linux

by admin

Question: How can a given user be prevented from running a specific command?

This technique uses a filesystem access control list (ACL) to prevent unwanted access.

Caution: The sudo facility is not suitable for this purpose. In particular, “subtracting” an executable from the allowed ALL preset does not work as expected.

The example below prevents user john from creating any directories via the mkdir command. The steps are:

1. Find the absolute path to the command to be controlled:

# which mkdir
/bin/mkdir

2. Display the current ACL for that program:

# getfacl /bin/mkdir
# file: bin/mkdir
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

The user, group, and other entries correspond to the traditional file access permissions managed by the chmod command.

3. Add an access control rule for the user john:

# /bin/setfacl -m u:john:--- /bin/mkdir

4. View the updated access control:

# getfacl /bin/mkdir
getfacl: Removing leading '/' from absolute path names
# file: bin/mkdir
# owner: root
# group: root
user::rwx
user:john:---
group::r-x
mask::rwx
other::r-x

5. Test the setting:

# su - john
$ mkdir
-bash: /bin/mkdir: Permission denied

Consider adding an execution watch using the auditctl tool to augment this protection.

How to audit all Commands run on OEL 5,6 using auditd
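To confirm that the rule from steps 3 and 4 is still in force, the following added example (not part of the original article) parses getfacl output and reports whether the named-user entry denies execute. It goes slightly beyond the `---` case by applying the mask line to the entry, as the kernel does. The function names and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit the deny ACL set in step 3.

# effective_user_perms USER
# Reads `getfacl` output on stdin and prints the effective rwx bits of USER's
# named entry (entry AND mask), or "none" if USER has no entry of its own.
effective_user_perms() {
    awk -F: -v u="$1" '
        $1 == "user" && $2 == u { perms = substr($3, 1, 3); found = 1 }
        $1 == "mask"            { mask = substr($3, 1, 3); have_mask = 1 }
        END {
            if (!found) { print "none"; exit }
            out = ""
            for (i = 1; i <= 3; i++) {
                p = substr(perms, i, 1)
                m = have_mask ? substr(mask, i, 1) : p
                out = out ((p != "-" && m != "-") ? p : "-")
            }
            print out
        }'
}

# user_exec_denied USER
# Exit 0: named entry without execute. Exit 1: named entry still allows
# execute. Exit 2: no named entry, so the group/other bits decide.
user_exec_denied() {
    perms=$(effective_user_perms "$1")
    case "$perms" in
        none) return 2 ;;
        ??x)  return 1 ;;
        *)    return 0 ;;
    esac
}

# Command-line use (hypothetical script name): check-acl.sh john mkdir
if [ "$#" -eq 2 ]; then
    # Resolve symlinks so the ACL is read from the real file (e.g. /bin -> /usr/bin).
    target=$(readlink -f "$(command -v "$2")")
    getfacl -p "$target" 2>/dev/null | user_exec_denied "$1"
    case $? in
        0) echo "OK: $1 cannot execute $target" ;;
        1) echo "WARN: ACL entry for $1 permits execute on $target" ;;
        *) echo "WARN: no ACL entry for $1 on $target" ;;
    esac
else
    # No arguments: demo on the ACL entries shown in step 4 of the article.
    printf 'user::rwx\nuser:john:---\ngroup::r-x\nmask::rwx\nother::r-x\n' |
        effective_user_perms john    # prints ---
fi
```

Running the check after package updates is worthwhile: an update that replaces the binary installs a new file, which does not carry the ACL entry added with setfacl.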
