Restricted shell
Falk Husemann
*nix forums beginner


Joined: 22 Mar 2006
Posts: 2

Posted: Wed Mar 22, 2006 3:53 pm    Post subject: Re: Restricted shell

Lars Bonnesen wrote:

Hi Lars!

Quote:
What is the way to have a user with shell login restricted to only one
directory - not being able to move around?

I've had to build the same for a server of ours. I used rksh as you did,
created a separate directory full of apps the users are to use and set
PATH to that directory exclusively. It provides the flexibility to choose
which versions, GNU or not, etc.

As Rodrick said, if "they" have a compiler or interpreter at hand, there
is the possibility of the lusers doing "things".



Greets,
Falk
igor@nospam.invalid
*nix forums addict


Joined: 17 Aug 2005
Posts: 81

Posted: Sat Dec 03, 2005 12:48 am    Post subject: Re: Restricted shell

Lars Bonnesen <none@invalid> wrote:
Quote:

What is the way to have a user with shell login restricted to only one
directory - not being able to move around?

As a restricted shell does not allow a user to change the SHELL, ENV,
and PATH environment variables, nor to call commands using absolute
or relative paths, you must be sure he has a PATH environment variable
pointing to a ~/bin directory that has only the commands he is allowed to run.

Be careful choosing the commands he is allowed to use (e.g., vi(1)
allows any user to run an unrestricted shell by typing, say,
:!/bin/sh, as it does not have the same restrictions as an r*sh).

Cheers,
Igor.
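
The check described in the post above, as an added example that is not part of the original thread: a POSIX sh audit of the single directory on the restricted user's PATH. The pattern list, function names and the sample path are assumptions made for illustration, and `readlink -f` is assumed to be available (it is on OpenBSD and with GNU coreutils).

```shell
#!/bin/sh
# Added example: audit the one directory on a restricted user's PATH for
# programs that can hand the user an unrestricted shell.

# Constructed pattern list built from what the thread names: shells, vi,
# Midnight Commander (mc), interpreters and compilers. It is not exhaustive.
is_escape_capable() {
    case $1 in
        sh|ksh|csh|bash)          return 0 ;;  # unrestricted shells
        vi|mc)                    return 0 ;;  # can start a shell
        perl*|ruby*|php*|python*) return 0 ;;  # interpreters
        cc|gcc*)                  return 0 ;;  # compilers
    esac
    return 1
}

# Prints "<entry> -> <real program>" per flagged command and
# "WRITABLE <dir>" for a group- or world-writable directory.
# Exit status: 0 = nothing flagged, 1 = findings, 2 = bad argument.
audit_restricted_bin() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=0

    # If others can write here, the allow list itself can be replaced.
    if [ -n "$(find "$dir" -prune \( -perm -0002 -o -perm -0020 \))" ]; then
        echo "WRITABLE $dir"
        findings=$((findings + 1))
    fi

    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue   # empty directory or dangling link
        # Resolve symlinks so "edit -> /usr/bin/vi" is judged as vi.
        real=$(readlink -f "$entry" 2>/dev/null) || real=$entry
        name=$(basename "$real")
        if is_escape_capable "$name"; then
            echo "$(basename "$entry") -> $name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /home/guest/bin   (path is hypothetical)
if [ $# -gt 0 ]; then audit_restricted_bin "$1"; fi
```

Matching is by the resolved program name only, so a copied and renamed binary is not detected; the directory should hold links to known programs rather than copies.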
rodrick.brown@gmail.com
*nix forums beginner


Joined: 01 Nov 2005
Posts: 37

Posted: Tue Nov 08, 2005 6:40 pm    Post subject: Re: Restricted shell

"Lars Bonnesen" <none@invalid> wrote in message
news:436ccd87$0$8867$edfadb0f@dread14.news.tele.dk...
Quote:
Got a user that is going to have SSH access to one of my OpenBSD boxes.

I want to have him restricted so that he cannot move around on the system,
but from what I have found out, chroot like in FTP is a strange thing when
talking SSH (or telnet for that matter).

So I have played around a bit with rksh. I edited his default shell with
vipw to be rksh - and it works. Well, there are two things that make it
not work:

1) he can change shell by himself to, say, csh, and then he can move around
on my OBSD box.
2) in rksh, he can start Midnight Commander and browse almost the whole
system.

What is the way to have a user with shell login restricted to only one
directory - not being able to move around?

Regards, Lars.


If you don't trust this user, don't give him a shell; it's as simple as that.
If your system is configured correctly (permissions and file access
permissions), you should not have to worry about this user getting into areas
(s)he shouldn't. Restricted shells are a joke, especially when you have
compilers and programming interpreters around (perl, ruby, php etc.) that can
easily fork a shell.


--
Rodrick R. Brown
Senior IT Consultant
http://www.rodrickbrown.com
rodrick.brown[<@>]gmail.com

When in 1986 Apple bought a Cray X-MP and announced that they would use it
to design the next Apple Macintosh, Seymour Cray replied, "This is very
interesting because I am using an Apple Macintosh to design the Cray-2
supercomputer."
Lars Bonnesen
*nix forums beginner


Joined: 22 Sep 2005
Posts: 22

Posted: Sat Nov 05, 2005 3:19 pm    Post subject: Restricted shell

Got a user that is going to have SSH access to one of my OpenBSD boxes.

I want to have him restricted so that he cannot move around on the system,
but from what I have found out, chroot like in FTP is a strange thing when
talking SSH (or telnet for that matter).

So I have played around a bit with rksh. I edited his default shell with
vipw to be rksh - and it works. Well, there are two things that make it not
work:

1) he can change shell by himself to, say, csh, and then he can move around on
my OBSD box.
2) in rksh, he can start Midnight Commander and browse almost the whole
system.

What is the way to have a user with shell login restricted to only one
directory - not being able to move around?

Regards, Lars.
The time now is Thu Jan 08, 2009 8:05 am | All times are GMT