[NTLUG:Discuss] restricting shell functions in a telnet session

Kevin Brannen kbrannen at gte.net
Tue Apr 18 11:02:07 CDT 2000


David Camm wrote:
> 
> several of our customers have asked if they could have telnet access to
> their information on our server.  those who need it already have guest
> ftp access.
> 
> in searching through the telnet and login docs, i can find no way to
> restrict a user's login shell to NOT go above the user's home directory,
> as guest or anonymous ftp does.
> 
> since we've been a bit sloppy, going back and checking all permissions
> on all files to ensure that a user couldn't inadvertently (or
> advertently, for that matter) wreak any havoc would be a royal pain,
> 
> is there any way of modifying (say) /etc/bashrc or /etc/profile to
> accomplish this?
> 
> is there another way?

Have you considered changing their login shell to be "/bin/bash -r"? 
You could also create a script that does something like:

	#!/bin/sh
	# chroot needs root, and $HOME must hold its own /bin/bash and libraries
	exec chroot "$HOME" /bin/bash

and make that their login shell (untested, but the theory sounds good :-).

Kevin
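
Added example, not part of the original post: a check of what "bash -r" actually enforces, relevant to the question of keeping a user from going above the home directory. The temp tree, the file names and the function names are constructed for illustration. It shows that restricted bash refuses cd, PATH changes, command names containing a slash and output redirection, yet still lets a file above the working directory be read, which a chroot would not.

```shell
#!/bin/sh
# Added example: probe what "bash -r" does and does not enforce.
# Everything lives in a constructed temp tree; no real files are touched.

SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
mkdir "$SANDBOX/home"                               # stands in for the user's $HOME
echo "data outside home" > "$SANDBOX/outside.txt"   # constructed sample file

# Run CMD in restricted bash with the fake home as working directory.
in_rbash() {
    ( cd "$SANDBOX/home" && bash -r -c "$1" 2>/dev/null )
}

# Return 0 if CMD works in plain bash but restricted bash refuses it.
# Return 2 if CMD fails even without restrictions (the probe itself is bad).
blocked_by_rbash() {
    ( cd "$SANDBOX/home" && bash -c "$1" >/dev/null 2>&1 ) || return 2
    ! in_rbash "$1" >/dev/null
}

# Return 0 if a file above the fake home is still readable under "bash -r".
# Input redirection is not on the restricted shell's list of forbidden actions.
can_read_above_home() {
    got=$(in_rbash 'read -r line < ../outside.txt; printf %s "$line"')
    [ "$got" = "data outside home" ]
}

report() {
    for cmd in 'cd ..' 'PATH=/bin' '/bin/sh -c :' 'echo x > note.txt'; do
        if blocked_by_rbash "$cmd"; then
            echo "blocked: $cmd"
        else
            echo "ALLOWED: $cmd"
        fi
    done
    if can_read_above_home; then
        echo "ALLOWED: reading ../outside.txt"
    fi
}

report
```

File permissions therefore still have to be correct when "bash -r" is used as the login shell; only the chroot approach removes the rest of the filesystem from view.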