Re: Restrict a user to a set of binaries?

To: debian-user@lists.debian.org
Subject: Re: Restrict a user to a set of binaries?
From: Bob Proulx <bob@proulx.com>
Date: Fri, 2 Mar 2012 03:16:06 -0700
Message-id: <[🔎] 20120302101606.GC23883@discord.proulx.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] CAD4guxOma-ic+ygVOasRVS6KteQXte299ZnjaUoC9wERgHhhkg@mail.gmail.com>
References: <[🔎] CACvomdSxda8BgrsA0Byhm3kh8-AFUXkS4XO2ZA1=LEZkvYCrBg@mail.gmail.com> <[🔎] CAD4guxPTFHzRSuPEYx6jXyM_-8YAg7dw=O=AA=u6cRy=-HLe9A@mail.gmail.com> <[🔎] 20120302093618.GA11433@debian> <[🔎] CAD4guxOma-ic+ygVOasRVS6KteQXte299ZnjaUoC9wERgHhhkg@mail.gmail.com>

Raffaele Morelli wrote:
> Jon Dowland wrote:
> > Raffaele Morelli wrote:
> > > You can remove /bin/ and/or /usr/local/bin from his PATH by changing its
> > > /home/user/.profile
> >
> > They could just add it back, though. This doesn't offer any serious
> > protection.
> 
> Of course, but then
> chown root:user .profile
> chmod 644 .profile

That won't stop a user from doing this on the command line:

  PATH=/usr/local/bin:/usr/bin:/bin:$PATH

Just type it in.

Bob

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Restrict a user to a set of binaries?
  - From: Bijoy Lobo <bijoy.lobo@paladion.net>
- Re: Restrict a user to a set of binaries?
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: Restrict a user to a set of binaries?
  - From: Jon Dowland <jmtd@debian.org>
- Re: Restrict a user to a set of binaries?
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>

Prev by Date: Re: Readonly filesystem on boot
Next by Date: Re: Where's my tap to click?
Previous by thread: Re: Restrict a user to a set of binaries?
Next by thread: Re: Restrict a user to a set of binaries?
Index(es):
- Date
- Thread