On Tue, Nov 14, 2000 at 04:34:33PM +0100, Jan Martin Mathiassen wrote:
> On Tue, Nov 14, 2000 at 01:30:57PM -0200, Pedro Zorzenon Neto wrote:
> > When the user logs in, rbash is being executed and the restricted login is
> > working well. But, if the user executes 'bash', everything becomes unrestricted.
> >
> > How can I deny the execution of shells inside rbash?
> >
> > Thanks
> > Pedro
>
> My first thought would be to remove the executable flag for other users,
> make a special group for bash, and add anyone that should have access to
> bash in that group.
>
> haven't tried it, so... take it with a grain of salt.

that won't work since rbash is just a symlink to bash.

the real way of using restricted shell is to change the user's PATH to something very limited say /usr/local/restricted and putting a very limited set of symlinks in there.

it's very easy to break out of a restricted shell if you allow the user to run too much, for example, if you let them run emacs or vi they can use built in shell escapes to run a real shell.

--
Ethan Benson
http://www.alaska.net/~erbenson/
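One way to audit a restricted PATH directory like the one described above, as an added example that is not part of the original message: it flags entries whose name or symlink target is a shell or one of the editors the message names. The function name `audit_restricted_dir`, the `RISKY` list and the optional shells-file argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the symlink directory used as a restricted user's PATH.
# RISKY holds basenames that undo the restriction: real shells, plus the
# editors the message names as having built-in shell escapes. Extend per site.
RISKY="sh bash dash zsh ksh csh tcsh vi vim emacs"

# audit_restricted_dir DIR [SHELLS_FILE]
# Prints "RISKY <entry> -> <resolved target>" for every offending entry.
# Returns 0 when the directory is clean, 1 when anything was flagged.
audit_restricted_dir() {
    dir=$1
    shells_file=${2:-/etc/shells}
    risky=$RISKY
    # Also treat every shell registered in the shells file as risky.
    if [ -r "$shells_file" ]; then
        while IFS= read -r line; do
            case $line in
                /*) risky="$risky ${line##*/}" ;;   # skip comments and blanks
            esac
        done < "$shells_file"
    fi
    found=0
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue          # empty glob or dangling link
        name=${entry##*/}
        [ "$name" = rbash ] && continue      # bash invoked as rbash stays restricted
        # Resolve the link chain so a renamed link (edit -> vi) is still caught.
        target=$(readlink -f "$entry")
        for bad in $risky; do
            if [ "$name" = "$bad" ] || [ "${target##*/}" = "$bad" ]; then
                echo "RISKY $name -> $target"
                found=1
                break
            fi
        done
    done
    return $found
}

# Usage: audit_restricted_dir /usr/local/restricted
```

The check only covers the programs listed in `RISKY`; any other allowed program that can spawn a command needs to be added to the list by hand.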