Here is a quick example of how to substitute system commands based on who tries to run them. A customer of mine has recently deployed a security audit application on his servers. The application has a few bugs that the vendor has not yet resolved.

For example, the security audit agent looks at the output of the “mount” command to see if any filesystems are mounted without the “nosuid” option. However, there is a bug in the audit tool and it fails to exclude certain filesystems where “nosuid” option should not be used.

Until the problem with the audit tool is fixed, we wanted to disable this particular test on per-server basis. This could not be done centrally from the audit application and had to be done locally on each client node.

The idea was simple: the audit tool runs under “bigbro” username and we wanted the “mount” command to behave differently for that user.

Step one was to move /bin/mount to /bin/mount_orig. Then we created a new /bin/mount containing the following shell script:

#!/bin/sh
if [ `id -un` == "bigbro" ]
then
     echo ""
else
     /bin/mount_orig $*
fi

Then we just chmod 755 /bin/mount and “bigbro” was no longer able to annoy us with false non-compliance reports. Very unprofessional, I know, but what’cha gonna do?