[NTLUG:Discuss] restricting shell functions in a telnet session
Kevin Brannen
kbrannen at gte.net
Tue Apr 18 11:02:07 CDT 2000
David Camm wrote:
>
> several of our customers have asked if they could have telnet access to
> their information on our server. those who need it already have guest
> ftp access.
>
> in searching through the telnet and login docs, i can find no way to
> restrict a user's login shell to NOT go above the user's home directory,
> as guest or anonymous ftp does.
>
> since we've been a bit sloppy, going back and chekcing all permissions
> on all files to ensure that a user couldn't inadvertantly (or
> advertantly, for that matter) wreak any havoc would be a royal pain,
>
> is there any way of modifying (say) /etc/bashrc or /etc/profile to
> accomplish this?
>
> is there another way?
Have you considered changing their login shell to be "/bin/bash -r"?
You could also create a script that does something like:
chroot $HOME
/bin/bash
and make that their login shell (untested but the theory sounds good.
:-)
Kevin
More information about the Discuss
mailing list