[NTLUG:Discuss] restricting shell functions in a telnet session
MadHat
madhat at unspecific.com
Thu Apr 20 08:13:04 CDT 2000
Seth Daniel wrote:
>
> Yeah, you're pretty much correct. For the original poster
> I recommend using rbash/bash -r _plus_ putting ``chroot $HOME''
> in the global profile (generally it's /etc/profile). I think
> that should give him what he wants.
>
> Be advised that chrooting can affect whether certain programs
> run. I imagine you'd have to move the shared libraries to some
> accessible directory and/or create a special directory with
> statically linked binaries. Or, at least, you used to have to
> do this.
Good point. I know that chroot'ing can be more secure, but it can be a
pain in... to maintain. Any program that has to be run from the
chroot'ed env either has to be statically linked or copies of the
libraries have to be moved. Also, you have to have a copy of the
/etc/passwd (not the /etc/shadow) in the chrooted env for some programs
to report back the proper name of the owners (and /etc/group for the
group name). There is also an issue with timezone, where you have to
have a copy of the zone file (normally linked as timezone in the /etc/
directory) otherwise you get the wrong date and time stamp when looking
at files. Most of this is based on experience of chroot'ing FTP (since
that is more common for me than a chroot'ed shell), but I would expect
you would run into similar problems.
--
%_=split';','2e;hac;40;not;64;ju;66; Perl ;68;st a;6f;ker;75;her';
print map $_{unpack "H2",$_}, split //,
'madhat at unspecific.com'
# aka Lee Heath, but don't tell anyone.
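An added example, not part of the original post: a shell function that populates a chroot tree with the pieces listed in the message above (the program and its shared libraries, passwd and group entries without password hashes, and the zone file). The function name `populate_jail`, its arguments, and the use of `/etc/localtime` as the zone file are assumptions.

```shell
#!/bin/sh
# Added example (not from the post). populate_jail JAIL BINARY [USER...]
# Builds the minimum tree a dynamically linked program needs inside a chroot.
populate_jail() {
    jail=$1; bin=$2; shift 2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    mkdir -p "$jail/etc" "$jail$(dirname "$bin")" || return 1
    # Plain cp (no -p) so setuid/setgid bits are not carried into the jail.
    cp "$bin" "$jail$bin" || return 1

    # Shared libraries and the loader: ldd prints their absolute paths.
    # A static binary prints none. Run ldd only on binaries you trust.
    for lib in $(ldd "$bin" 2>/dev/null | grep -o '/[^ ]*'); do
        [ -f "$lib" ] || continue
        mkdir -p "$jail$(dirname "$lib")"
        cp -L "$lib" "$jail$lib" || return 1
    done

    # passwd and group entries for the listed accounts only, so owner and
    # group names resolve. The password field is forced to "x" and
    # /etc/shadow is never copied.
    : > "$jail/etc/passwd"
    : > "$jail/etc/group"
    for u in "$@"; do
        awk -F: -v OFS=: -v u="$u" '$1 == u { $2 = "x"; print }' \
            /etc/passwd >> "$jail/etc/passwd"
    done
    for g in $(cut -d: -f4 "$jail/etc/passwd" | sort -u); do
        awk -F: -v g="$g" '$3 == g { print $1 ":x:" $3 ":" }' \
            /etc/group >> "$jail/etc/group"
    done

    # Zone file, so timestamps inside the jail use local time
    # (assumption: the host keeps it at /etc/localtime).
    if [ -e /etc/localtime ]; then
        cp -L /etc/localtime "$jail/etc/localtime" || return 1
    fi
    return 0
}
```

The resulting tree should be owned by root and not writable by the confined account, and it has to be rebuilt whenever the host's copies of those libraries are updated.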