FW: restricted bash (rbash)
If you set the path to be their home directory and put in sim links for
those aps you want them to use this will restrict their access.
-taz
-----Original Message-----
From: Colin Phipps [mailto:cph@netcraft.com]
Sent: Wednesday, 15 November 2000 04:50
To: debian-security@lists.debian.org
Subject: Re: restricted bash (rbash)
On Tue, Nov 14, 2000 at 04:34:33PM +0100, Jan Martin Mathiassen wrote:
> On Tue, Nov 14, 2000 at 01:30:57PM -0200, Pedro Zorzenon Neto wrote:
> > I put /bin/rbash as the default shell (in /etc/passwd) for some users
that
> > I just want them to use a restricted login.
> >
> > When the user logs in, rbash is being executed and the restricted
login is
> > working well. But, if the user executes 'bash', everything becames
unrestricted.
[goes away and plays with rbash for a bit]
> > How can I deny the execution of shells inside rbash?
> My first thought would be to remove the executable flag for other users,
> make a special group for bash, and add anyone that should have access to
> bash in that group.
No; restricting just shells is useless if you leave other commands open.
>From my very brief look, it appears that rbash essentially prevents you
running commands outside of your PATH. Clearly it has NO security value
unless you set their PATH to a directory with only the few commands you
want them to be allowed to run.
--
Colin Phipps <cph@netcraft.com> http://www.netcraft.com/
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: