[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricted bash (rbash)

On Tue, Nov 14, 2000 at 03:51:56PM +0000, Colin Phipps wrote:
: On Tue, Nov 14, 2000 at 04:34:33PM +0100, Jan Martin Mathiassen wrote:
: > On Tue, Nov 14, 2000 at 01:30:57PM -0200, Pedro Zorzenon Neto wrote:
: > >   I put /bin/rbash as the default shell (in /etc/passwd) for some users that
: > > I just want them to use a restricted login.
: > > 
: > >   When the user logs in, rbash is being executed and the restricted login is
: > > working well. But, if the user executes 'bash', everything becames unrestricted.
: [goes away and plays with rbash for a bit]
: > >   How can I deny the execution of shells inside rbash?
: > My first thought would be to remove the executable flag for other users,
: > make a special group for bash, and add anyone that should have access to
: > bash in that group.
: No; restricting just shells is useless if you leave other commands open. 
: >From my very brief look, it appears that rbash essentially prevents you 
: running commands outside of your PATH. Clearly it has NO security value 
: unless you set their PATH to a directory with only the few commands you 
: want them to be allowed to run.                        ^^^

Huh, and You may not allowed few useful comands as vim, ftp, or lftp
... and others, that allows to run "local" commands. (Like ftp.:

Tomasz Kuzniar <mezon@profnet.pl>
* Polska Platforma Internetowa *
              ~ ~ ~
"Zbieg okolicznosci - Fugitive of circumstances"

Reply to: