[NTLUG:Discuss] restricting shell functions in a telnet session
Seth Daniel
seth at ti.com
Tue Apr 18 15:43:07 CDT 2000
It's in there. You can accomplish the same thing by making
a symlink called rbash and pointing it at bash. Then change the
shells in the passwd file to rbash.
Perhaps you have an older bash? Or an older bash man page?
On Tue, Apr 18, 2000 at 02:17:06PM -0500, David Camm wrote:
> thanks, kevin....
>
> i looked at the man pages for bash and couldn't find a -r parm.....
>
> Kevin Brannen wrote:
> >
> > David Camm wrote:
> > >
> > > several of our customers have asked if they could have telnet access to
> > > their information on our server. those who need it already have guest
> > > ftp access.
> > >
> > > in searching through the telnet and login docs, i can find no way to
> > > restrict a user's login shell to NOT go above the user's home directory,
> > > as guest or anonymous ftp does.
> > >
> > > since we've been a bit sloppy, going back and checking all permissions
> > > on all files to ensure that a user couldn't inadvertently (or
> > > advertantly, for that matter) wreak any havoc would be a royal pain,
> > >
> > > is there any way of modifying (say) /etc/bashrc or /etc/profile to
> > > accomplish this?
> > >
> > > is there another way?
> >
> > Have you considered changing their login shell to be "/bin/bash -r"?
> > You could also create a script that does something like:
> >
> > chroot $HOME
> > /bin/bash
> >
> > and make that their login shell (untested but the theory sounds good.
> > :-)
> >
> > Kevin
> >
> > _______________________________________________
> > http://ntlug.org/mailman/listinfo/discuss
--
seth daniel | Texas Instruments DMOS4/5
seth at ti.com | Automation Engineering
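
The rbash symlink setup described in this message, exercised in a scratch directory so it needs no root and never touches the passwd file. This is an added example, not part of the original post; the function names, the sample commands and the `/bin/rbash` path mentioned in the comments are assumptions.

```shell
#!/bin/sh
# Added example (constructed): checks what a bash started under the name
# "rbash" refuses, and what it still allows.

# make_rbash DIR -> creates DIR/rbash as a symlink to bash and prints its path.
# On a real host the link would sit somewhere like /bin/rbash (assumed path)
# and be named as the login shell in the passwd file.
make_rbash() {
    ln -sf "$(command -v bash)" "$1/rbash" && printf '%s\n' "$1/rbash"
}

# is_blocked SHELL CMD [PATH] -> status 0 when SHELL refuses or cannot run CMD.
# The optional third argument is the PATH handed to SHELL.
is_blocked() {
    ! env PATH="${3:-$PATH}" "$1" -c "$2" >/dev/null 2>&1
}

# report SHELL CMD [PATH] -> prints one line with the outcome for CMD.
report() {
    if is_blocked "$1" "$2" "$3"; then echo "blocked: $2"; else echo "ALLOWED: $2"; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    rb=$(make_rbash "$dir")
    mkdir "$dir/bin"    # empty directory standing in for a curated PATH

    # Refused by the shell itself, because it was started as "rbash":
    report "$rb" 'cd /'
    report "$rb" 'PATH=/bin:/usr/bin'
    report "$rb" '/bin/ls'
    # Not refused: slashes in arguments are fine, so any tool reachable
    # through PATH can still read outside the home directory.
    report "$rb" 'ls /'
    # The same command once PATH holds only approved tools (none here).
    report "$rb" 'ls /' "$dir/bin"

    rm -rf "$dir"
}

demo
```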