
Re: restricted bash (rbash)



On Thu, Nov 16, 2000 at 09:02:33AM -0200, Pedro Zorzenon Neto wrote:
> I forgot one thing about all this...
> 
>   All about the restricted bash could be useless if you forget to
>   lock the ftp account of the restricted users.
> 
>   You can prevent them from editing and creating shell scripts inside
>   their telnet session, but if you forget to lock their ftp session ...
>   they could put scripts in their directory and execute them by telnet...

for restricted shells to be effective the user must not have write
permission to their home directory or their ~/.bash* files; they also
must not have write permission to the directory in their PATH.  

one other thing you will need to do, is create ~/.ssh/environment with
the following:

PATH=/what/ever/restricted

otherwise a simple ssh localhost /bin/bash will bypass the whole
thing.  ssh sets a default PATH when you login with a command name
(since it does not run your shell from /etc/passwd nor parse the
~/.dotfiles) 

the ~/.ssh directory and env file must of course not be writable by
the user.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
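
The checks listed in this message, gathered into one audit function. This is an added example, not part of the original post; the function names, the FINDINGS variable and the sample arguments in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a restricted-shell account. USER (name or numeric
# uid), HOME_DIR and RESTRICTED_PATH are supplied by the caller, e.g.
#   audit_rbash alice /home/alice /usr/local/rbin    (hypothetical values)

# Print the path if USER could modify it: USER owns it (an owner can always
# chmod it back), or it is group- or world-writable (assumption: group write
# is treated as writable without checking USER's group membership).
user_can_modify() {
    find -H "$2" -prune \( -user "$1" -o -perm -020 -o -perm -002 \) -print
}

# Sets FINDINGS to the number of problems; returns non-zero if there are any.
audit_rbash() {
    user=$1 home=$2 rpath=$3
    FINDINGS=0

    # Split the restricted PATH on ':' into the positional parameters.
    old_ifs=$IFS; IFS=:
    set -f; set -- $rpath; set +f
    IFS=$old_ifs

    # Home, shell startup files, ssh directory and env file, PATH directories.
    for p in "$home" "$home"/.bash* "$home/.ssh" "$home/.ssh/environment" "$@"; do
        [ -e "$p" ] || continue
        if [ -n "$(user_can_modify "$user" "$p")" ]; then
            echo "WRITABLE: $p"
            FINDINGS=$((FINDINGS + 1))
        fi
    done

    # ssh with a command name must be pinned to the same restricted PATH.
    if ! grep -qxF "PATH=$rpath" "$home/.ssh/environment" 2>/dev/null; then
        echo "MISSING: PATH=$rpath in $home/.ssh/environment"
        FINDINGS=$((FINDINGS + 1))
    fi

    [ "$FINDINGS" -eq 0 ]
}
```

On current OpenSSH, ~/.ssh/environment is only read when PermitUserEnvironment is enabled in sshd_config, so check that setting alongside the file.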
