[NTLUG:Discuss] restricting shell functions in a telnet session
David Camm
bbai at onramp.net
Tue Apr 18 14:17:06 CDT 2000
thanks, kevin....
i look at the man pages for bash and couldn't find a -r parm.....
Kevin Brannen wrote:
>
> David Camm wrote:
> >
> > several of our customers have asked if they could have telnet access to
> > their information on our server. those who need it already have guest
> > ftp access.
> >
> > in searching through the telnet and login docs, i can find no way to
> > restrict a user's login shell to NOT go above the user's home directory,
> > as guest or anonymous ftp does.
> >
> > since we've been a bit sloppy, going back and chekcing all permissions
> > on all files to ensure that a user couldn't inadvertantly (or
> > advertantly, for that matter) wreak any havoc would be a royal pain,
> >
> > is there any way of modifying (say) /etc/bashrc or /etc/profile to
> > accomplish this?
> >
> > is there another way?
>
> Have you considered changing their login shell to be "/bin/bash -r"?
> You could also create a script that does something like:
>
> chroot $HOME
> /bin/bash
>
> and make that their login shell (untested but the theory sounds good.
> :-)
>
> Kevin
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list