Re: chroot()ing a user's login
Jim Breton writes:
> I would if they weren't all in the same dir.... Plus lots of other useful
> things like chmod.
>
> OTOH, anyone who did manage to hack an account with a restricted shell
> wouldn't have any business running chmod, so I suppose you could get away
> with just taking /bin out of his path. But then I imagine you might run
> into problems where the uid has to run shell scripts, then you're screwed
> again. :P hmmm. I guess then you would have to put a copy of a shell
> back in his path somewhere.
>
> At any rate I still haven't figured out why that account can't log in.
> :-\
>
>
> On Mon, 13 Dec 1999, Stuart Ballard wrote:
>
> > But with a restricted shell you can't run anything that isn't in your
> > path, so just take all shells out of the path and bam, you're restricted
> > again! :)
I've set up an account with
- restricted shell => rbash
- shell initialization files owned by root and read-only
  (.bashrc, etc.)
- symlinked harmless binaries to /usr/local/bin
- set PATH=/usr/local/bin in .bash_profile

That solved the functionality issue and, I hope, the security issue as
well.
Can someone tell me if not?
--
______________________________________________________
Felipe Alvarez Harnecker. QlSoftware.
Tel. 09.874.60.17 e-mail: felipe.alvarez@qlsoft.cl
Powered by Ql/Linux http://www.qlsoft.cl
______________________________________________________
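
The layout listed in the message above can be checked mechanically. The following POSIX shell function is an added example, not part of the original post: it audits the init-file permissions, the PATH setting, and the symlinked binaries, including the thread's point that no shell may be reachable through the path. The function name, the finding labels, the hypothetical /home/guest path, and the extra requirement that the home and bin directories themselves be owner-controlled are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an account laid out as in the message above.
# Usage: audit_restricted_account HOME_DIR BIN_DIR [OWNER] [SHELLS_FILE]
# Prints one finding per line; exit status 0 means no findings.
audit_restricted_account() (
    home=$1; bindir=$2; owner=${3:-root}; shells=${4:-/etc/shells}
    findings=0
    report() { echo "$1 $2"; findings=1; }

    # Init files must belong to OWNER and not be group- or world-writable.
    # Assumption beyond the message: the same is required of HOME_DIR and
    # BIN_DIR, since write access to a directory allows replacing its entries.
    for f in "$home" "$bindir" "$home/.bash_profile" "$home/.bashrc"; do
        [ -e "$f" ] || continue
        [ -n "$(find "$f" -prune -user "$owner" ! -perm -020 ! -perm -002)" ] ||
            report WEAK_PERMS "$f"
    done

    # The last PATH assignment in .bash_profile must be exactly BIN_DIR.
    last=$(grep -E '^(export )?PATH=' "$home/.bash_profile" 2>/dev/null | tail -n 1)
    [ "${last#export }" = "PATH=$bindir" ] ||
        report PATH_NOT_PINNED "$home/.bash_profile"

    # Resolve every absolute path listed in SHELLS_FILE once.
    shell_targets=$(grep '^/' "$shells" 2>/dev/null | while IFS= read -r s; do
        readlink -f "$s" 2>/dev/null || true
    done)

    # Every BIN_DIR entry must be a symlink, and none may resolve to a shell.
    for entry in "$bindir"/*; do
        if [ ! -L "$entry" ]; then
            [ ! -e "$entry" ] || report NOT_SYMLINK "$entry"
            continue
        fi
        target=$(readlink -f "$entry" 2>/dev/null || true)
        if [ -n "$target" ] &&
           printf '%s\n' "$shell_targets" | grep -Fxq -- "$target"; then
            report SHELL_IN_PATH "$entry"
        fi
    done
    [ "$findings" -eq 0 ]
)

# Command-line use (hypothetical account): sh audit.sh /home/guest /usr/local/bin
[ $# -lt 2 ] || audit_restricted_account "$@"
```

Comparing resolved symlink targets rather than link names means a shell linked under another name is still reported.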