Re: restricted bash (rbash)

To: Alexander Hvostov <vulture@aoi.dyndns.org>
Subject: Re: restricted bash (rbash)
From: Pedro Zorzenon Neto <pzn@terra.com.br>
Date: Wed, 15 Nov 2000 12:59:44 -0200
Message-id: <[🔎] 20001115125944.A3930@mantis.autsens.localnet>
Reply-to: pzn@terra.com.br
In-reply-to: <[🔎] Pine.LNX.4.21.0011150006240.17428-100000@cornerstone.core.aoi>; from vulture@aoi.dyndns.org on Wed, Nov 15, 2000 at 12:08:30AM -0800
References: <[🔎] 20001114165227.K517@tolot.meuer.de> <[🔎] Pine.LNX.4.21.0011150006240.17428-100000@cornerstone.core.aoi>

   That worked really well.
   
   I changed in /etc/passwd
     home directory of my restricted users to: /usr/local/bin/restricted
     users's shell to: /bin/rbash
   And created .bashrc .bash_profile in /usr/local/bin/restricted with:
     export PATH=~
   
   Then I put the commands I want to give access
     ln -s /bin/commandX /usr/local/bin/restricted/commandX

      Thanks 4 all
       Pedro

On Wed, Nov 15, 2000 at 12:08:30AM -0800, Alexander Hvostov wrote:
> Jochen,
> 
> mkdir /usr/local/bin/restricted;ln -s <command>
> /usr/local/bin/restricted/<command>;...
> 
> export PATH=/usr/local/bin/restricted;exec rbash
> 
> ...boom. Now only the commands you want the user to be able to run will be
> available. Shell scripts, however, continue to work fine, since their
> `hash bang' doesn't pay attention to the PATH anyway (which I think is
> more than slightly objectionable, but that's beyond the scope of this
> email).
> 
> Regards,
> 
> Alex.
> 
> ---
> PGP/GPG Fingerprint:
>   EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9
> 
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GCS/CM>CC/IT d- s:+ a16 C++(++++)>$ UL++++>$ P--- L++>++$ E+ W+(-) N+ o? K? w---() 
> !O !M !V PS+(++)>+ PE-(--) Y+>+ PGP t+>++ !5 X-- R>++ tv(+) b+(++) DI(+) D++ 
> G>+++ e--> h! !r y>+++ 
> ------END GEEK CODE BLOCK------
> 
> On Tue, 14 Nov 2000, Jochen Striepe wrote:
> 
> >         Hi,
> > 
> > On 14 Nov 2000, Pedro Zorzenon Neto <pzn@terra.com.br> wrote:
> > > 
> > >   When the user logs in, rbash is being executed and the restricted login is
> > > working well. But, if the user executes 'bash', everything becames unrestricted.
> > > 
> > >   How can I deny the execution of shells inside rbash?
> > 
> > How do you expect any shell script to work if you do so? Or did I just 
> > get something wrong?
> > 
> > 
> > So long,
> > 
> > Jochen.
> > 
> > -- 
> > FAQ zur Newsgroup at.linux:
> > <http://alfie.ist.org/LinuxFAQ/>
> > 
> > 
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 
> 

-- 
Why don't you try 'Mutt' and 'GnuPG'?
Get my public key at http://www.keyserver.net
1024D/7274AA07 9F1F 1EBB 29A4 918D 2C5F  FB9C 39C9 7963 7274 AA07

Attachment: pgpwMHKzoecxJ.pgp
Description: PGP signature

Reply to:

References:
- Re: restricted bash (rbash)
  - From: Jochen Striepe <j.striepe@tu-bs.de>
- Re: restricted bash (rbash)
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>

Prev by Date: Re: #76788: forced ssh agent/X forwarding vulnerability
Next by Date: Re: restricted bash (rbash)
Previous by thread: Re: restricted bash (rbash)
Next by thread: Re: restricted bash (rbash)
Index(es):
- Date
- Thread