[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricted bash (rbash)

On Thu, Nov 16, 2000 at 09:02:33AM -0200, Pedro Zorzenon Neto wrote:
> I forgot one thing about all this...
>   All about the restricted bash could be useless if you forget to
>   lock the ftp acount of the restricted users.
>   You can avoid them to edit and create shell scripts inside their
>   telnet session, but if you forget to lock their ftp session ...
>   they could put scripts in their directory and execute them by telnet...

for restricted shells to be effective the user must not have write
permission to there home directory or thier ~/.bash* files they also
must not have write permission to the directory in thier PATH.  

one other thing you will need to do, is create ~/.ssh/environment with
the following:


otherwise a simply ssh localhost /bin/bash will bypass the whole
thing.  ssh sets a default PATH when you login with a command name
(since it does not run your shell from /etc/passwd nor parse the

the ~/.ssh directory and env file must of course not be writable by
the user.  

Ethan Benson

Attachment: pgp_7ex9WgabI.pgp
Description: PGP signature

Reply to: