[NTLUG:Discuss] restricting shell functions in a telnet session
Seth Daniel
seth at ti.com
Thu Apr 20 08:01:43 CDT 2000
Yeah, you're pretty much correct. For the original poster
I recommend using rbash/bash -r _plus_ putting ``chroot $HOME''
in the global profile (generally it's /etc/profile). I think
that should give him what he wants.
Be advised that chrooting can affect whether certain programs
run. I imagine you'd have to move the shared libraries to some
accessible directory and/or create a special directory with
statically linked binaries. Or, at least, you used to have to
do this.
On Thu, Apr 20, 2000 at 07:03:31AM -0500, MadHat wrote:
> Seth Daniel wrote:
> >
> > From my bash man page:
> >
> > RESTRICTED SHELL
> > If bash is started with the name rbash, or the -r option
> > is supplied at invocation, the shell becomes restricted.
> > A restricted shell is used to set up an environment more
> > controlled than the standard shell.
> >
> > Basically it will know that it's supposed to be a restricted
> > shell. It's the same thing as using the -r argument.
> >
>
> I am running the bash that comes with the distributions, which all
> appear to be non bash2.x (which means no -r option, or mention of
> rbash), and still my understanding of rsh (the restricted shell I have
> used) all you can really do is do better tracking of who runs what and
> what they are allowed to run (like with sudo), and does not help in
> chrooting a user. Is this correct in this as well?
>
>
> --
> %_=split';','2e;hac;40;not;64;ju;66; Perl ;68;st a;6f;ker;75;her';
> print map $_{unpack "H2",$_}, split //,
> 'madhat at unspecific.com'
> # aka Lee Heath, but don't tell anyone.
>
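
The shared-library step mentioned in the reply above, as an added example that is not part of the original post: a POSIX shell function that copies a binary and the libraries `ldd` reports for it into a chroot tree. The function name `jail_add` and the jail path are hypothetical, and a Linux system with `ldd`, `awk` and `cp -L` is assumed.

```shell
#!/bin/sh
# Added example: populate a chroot tree with a binary plus the shared
# libraries it needs. jail_add and the jail path are hypothetical names.
# ldd may execute code from the file it inspects, so use it only on
# trusted system binaries.

# jail_add JAIL BINARY
#   Copies BINARY and every library ldd reports into JAIL, keeping the
#   original absolute paths so the dynamic loader finds them after chroot.
jail_add() {
    jail=$1
    bin=$2
    case $bin in
        /*) ;;
        *) echo "jail_add: $bin must be an absolute path" >&2; return 1 ;;
    esac
    [ -x "$bin" ] || { echo "jail_add: $bin is not executable" >&2; return 1; }

    mkdir -p "$jail$(dirname "$bin")" || return 1
    cp -L "$bin" "$jail$bin" || return 1

    # Statically linked binaries make ldd fail; they need no libraries.
    deps=$(ldd "$bin" 2>/dev/null) || return 0

    # ldd lines look like:
    #   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
    #   /lib64/ld-linux-x86-64.so.2 (0x...)
    #   linux-vdso.so.1 (0x...)        <- provided by the kernel, no file
    # Keep the absolute path from either of the first two forms.
    echo "$deps" | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | sort -u | while read -r lib; do
        mkdir -p "$jail$(dirname "$lib")" || exit 1
        cp -L "$lib" "$jail$lib" || exit 1
    done
}
```

Calling `jail_add /srv/jail /bin/ls` once per permitted program builds up the tree; `cp -L` follows symlinks so the jail holds real files rather than links that point outside it.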