[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricted bash (rbash)

On Wed, Nov 15, 2000 at 03:32:20PM +1300, Nick Clifford wrote:
> Pedro Zorzenon Neto wrote:
> > Hi, all
> >
> >   I put /bin/rbash as the default shell (in /etc/passwd) for some users
> > that
> > I just want them to use a restricted login.
> >
> <snip>
> Ok, I'm assuming you only want users who have this shell to only be able
> to access certian things, run only a limited set of commands?
> If thats the case, then you'd be best to setup a chroot jail. That way
> they can't breakout (unless they are root).
> Personally, a chroot jail is the only thing I trust when I need to setup
> an isolated or restricted environment. Its difficult to break out of a
> chroot jail even when you are root, but it can be done. So ensure they
> can't get root. :)

chroot is also a very large pain in the backside to setup for
interative sessions, i tinkered with the pam_chroot module and ssh and
got it barly but messily working.  Ben Collins (hope i spelled that
right) mentioned he had patched OpenSSH to do a neat trick with chroot
logins on debian machines, so developers can login to either a woody
or potato chroot.  he was going to post the details of what he did but
either has not yet or i missed it.  Ben?  

Ethan Benson

Attachment: pgp6R4QIG_sZi.pgp
Description: PGP signature

Reply to: