[NTLUG:Discuss] restricting shell functions in a telnet session
David Camm
bbai at onramp.net
Tue Apr 18 17:19:07 CDT 2000
Seth Daniel wrote:
>
> It's in there. You can accomplish the same thing buy making
> a symlink called rbash and pointing it at bash. Then change the
> shells in the passwd file to rbash.
i'm not sure a understand why ln -s /bin/bash rbash, then executing
rbash would change the behavior of bash. am i missing something?
>
> Perhaps you have an older bash? Or an older bash man page?
redhat 5.2 - 2.0.36 kernel
>
> On Tue, Apr 18, 2000 at 02:17:06PM -0500, David Camm wrote:
> > thanks, kevin....
> >
> > i look at the man pages for bash and couldn't find a -r parm.....
> >
> > Kevin Brannen wrote:
> > >
> > > David Camm wrote:
> > > >
> > > > several of our customers have asked if they could have telnet access to
> > > > their information on our server. those who need it already have guest
> > > > ftp access.
> > > >
> > > > in searching through the telnet and login docs, i can find no way to
> > > > restrict a user's login shell to NOT go above the user's home directory,
> > > > as guest or anonymous ftp does.
> > > >
> > > > since we've been a bit sloppy, going back and chekcing all permissions
> > > > on all files to ensure that a user couldn't inadvertantly (or
> > > > advertantly, for that matter) wreak any havoc would be a royal pain,
> > > >
> > > > is there any way of modifying (say) /etc/bashrc or /etc/profile to
> > > > accomplish this?
> > > >
> > > > is there another way?
> > >
> > > Have you considered changing their login shell to be "/bin/bash -r"?
> > > You could also create a script that does something like:
> > >
> > > chroot $HOME
> > > /bin/bash
> > >
> > > and make that their login shell (untested but the theory sounds good.
> > > :-)
> > >
> > > Kevin
> > >
> > > _______________________________________________
> > > http://ntlug.org/mailman/listinfo/discuss
> >
> > _______________________________________________
> > http://ntlug.org/mailman/listinfo/discuss
>
> --
> seth daniel | Texas Instruments DMOS4/5
> seth at ti.com | Automation Engineering
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list