[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricted bash (rbash)

On Tue, Nov 14, 2000 at 04:34:33PM +0100, Jan Martin Mathiassen wrote:
> On Tue, Nov 14, 2000 at 01:30:57PM -0200, Pedro Zorzenon Neto wrote:
> >   I put /bin/rbash as the default shell (in /etc/passwd) for some users that
> > I just want them to use a restricted login.
> > 
> >   When the user logs in, rbash is being executed and the restricted login is
> > working well. But, if the user executes 'bash', everything becames unrestricted.

[goes away and plays with rbash for a bit]

> >   How can I deny the execution of shells inside rbash?
> My first thought would be to remove the executable flag for other users,
> make a special group for bash, and add anyone that should have access to
> bash in that group.

No; restricting just shells is useless if you leave other commands open. 

>From my very brief look, it appears that rbash essentially prevents you 
running commands outside of your PATH. Clearly it has NO security value 
unless you set their PATH to a directory with only the few commands you 
want them to be allowed to run.

Colin Phipps <cph@netcraft.com>                http://www.netcraft.com/

Reply to: