
Re: restricted bash (rbash)



On Tue, Nov 14, 2000 at 03:51:56PM +0000, Colin Phipps wrote:
: On Tue, Nov 14, 2000 at 04:34:33PM +0100, Jan Martin Mathiassen wrote:
: > On Tue, Nov 14, 2000 at 01:30:57PM -0200, Pedro Zorzenon Neto wrote:
: > >   I put /bin/rbash as the default shell (in /etc/passwd) for some users that
: > > I just want them to use a restricted login.
: > > 
: > >   When the user logs in, rbash is being executed and the restricted login is
: > > working well. But, if the user executes 'bash', everything becomes unrestricted.
: 
: [goes away and plays with rbash for a bit]
: 
: > >   How can I deny the execution of shells inside rbash?
: > My first thought would be to remove the executable flag for other users,
: > make a special group for bash, and add anyone that should have access to
: > bash in that group.
: 
: No; restricting just shells is useless if you leave other commands open. 
: 
: From my very brief look, it appears that rbash essentially prevents you 
: running commands outside of your PATH. Clearly it has NO security value 
: unless you set their PATH to a directory with only the few commands you 
: want them to be allowed to run.                        ^^^

Huh, and you may not allow a few useful commands such as vim, ftp, or lftp
... and others, that allow running "local" commands. (Like in ftp:
!/bin/bash)

-- 
Tomasz Kuzniar <mezon@profnet.pl>
* Polska Platforma Internetowa *
              ~ ~ ~
"Zbieg okolicznosci - Fugitive of circumstances"

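Added example (not part of the original message or thread): a shell function that audits the directory used as a restricted user's only PATH entry, the setup discussed above, and flags entries that resolve to commands the thread names as able to start other local commands (bash, vim, ftp, lftp) or to any shell listed in /etc/shells. The function name and the ESCAPE_CAPABLE list are assumptions of this example, and the list is a starting point, not a complete one.

```sh
#!/bin/sh
# Added example: audit the directory used as an rbash user's only PATH entry.
# ESCAPE_CAPABLE holds the commands named in the thread plus sh; it is an
# assumption of this example and not a complete list.
ESCAPE_CAPABLE="bash sh vim ftp lftp"

# Print one line per problem entry.
# Returns 0 if the directory is clean, 1 if anything was flagged,
# 2 if DIR is not a directory.
audit_restricted_path() {
    dir=$1
    status=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for entry in "$dir"/*; do
        # Skip the unexpanded glob (empty directory) and non-executables.
        [ -f "$entry" ] && [ -x "$entry" ] || continue
        name=${entry##*/}
        # Resolve symlinks so that "edit -> /usr/bin/vim" is judged as vim.
        real=$(readlink -f "$entry")
        target=${real##*/}
        reason=
        for cmd in $ESCAPE_CAPABLE; do
            if [ "$name" = "$cmd" ] || [ "$target" = "$cmd" ]; then
                reason="can start other local commands"
                break
            fi
        done
        # A shell listed in /etc/shells is flagged whatever name it carries.
        if [ -z "$reason" ] && [ -r /etc/shells ] &&
           grep -qxF "$real" /etc/shells; then
            reason="listed in /etc/shells"
        fi
        if [ -n "$reason" ]; then
            echo "FLAG $name -> $real: $reason"
            status=1
        fi
    done
    return $status
}

# Usage after sourcing this file (the path is a placeholder):
#   audit_restricted_path /home/restricted/bin
```

A clean result only means none of the listed commands are present; every other command left in the directory still has to be reviewed for its own way of running local commands.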

