Re: Minimizing shell access on my VPS

To: debian-user@lists.debian.org
Subject: Re: Minimizing shell access on my VPS
From: Reco <recoverym4n@gmail.com>
Date: Sat, 18 Jan 2014 20:11:49 +0400
Message-id: <[🔎] 20140118201149.ad063d1e8d0a7989d9d9c5ad@gmail.com>
In-reply-to: <[🔎] dugqqax2le.ln2@news.roaima.co.uk>
References: <[🔎] 20140118012316.47d85e2c@rosie> <[🔎] 20140118175220.9466d3e8eca89f8bca1c22e1@gmail.com> <[🔎] dugqqax2le.ln2@news.roaima.co.uk>

 Hi.

On Sat, 18 Jan 2014 14:50:21 +0000
Chris Davies <chris-usenet@roaima.co.uk> wrote:

> Reco <recoverym4n@gmail.com> wrote:
> > Set up another user with /bin/rbash (not straight /bin/bash) as a shell.
> > Set PATH in .bashrc of said user to that program.
> 
> Unfortunately rbash has a race condition built in to its execution of
> .profile by definition (it doesn't disable the interrupt signal until
> after the .profile has been executed, so it becomes quite possible to
> Ctrl/C during login and gain an interactive shell). You'd be better off
> with rksh, which works properly.

Didn't know it, thanks.


> But then again, .profile can be bypassed by a non-interactive login:
> 
> 	ssh remotehost mv -f .profile .p
> 	ssh remotehost

'chattr +i .profile' should solve that issue.
In fact, in OP's situtation I'd chattr'ed anything in restricted
user's home.

Reco

Reply to:

Follow-Ups:
- Re: Minimizing shell access on my VPS
  - From: Bob Proulx <bob@proulx.com>

References:
- Minimizing shell access on my VPS
  - From: Aubrey Raech <aubrey@raech.net>
- Re: Minimizing shell access on my VPS
  - From: Reco <recoverym4n@gmail.com>
- Re: Minimizing shell access on my VPS
  - From: Chris Davies <chris-usenet@roaima.co.uk>

Prev by Date: Re: Connot load Wheezy in a "virgin" desktop -- FAILURE
Next by Date: Re: sad but true, Linux sucks, a bit
Previous by thread: Re: Minimizing shell access on my VPS
Next by thread: Re: Minimizing shell access on my VPS
Index(es):
- Date
- Thread