Re: restricted shell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/16/2011 08:06 AM, Don Quixote de la Mancha wrote:
> 
> Chroot is great for securing certain kinds of things, but if the
> intended user is an administrator, he won't be able to administer any
> of the files outside of his chroot jail.
> 
> I'm pretty sure bash doesn't provide a facility like this, but there
> should be a different shell that does.
> 
> A simple hack that would work for any shell would be to remove the
> "others execute" permission from all of your executable programs,
> other than the commands you want him to be able to use.  You will also
> need to place him in his own group.
> 
> chmod o-x
> 
> will do it.
> 
> But some daemons run as unpriveliged users, either their own username
> or as "nobody".  You will need these daemons to be in a group that can
> run the commands.
> 
> Wholesale alteration of executable permissions could break your system
> in a big way, though.  The permissions might get reset by software
> updates.  It's probably best to keep looking for a shell that does
> what you really need.
> 
You may want to look at the -r option of bash, or bash invoked as
rbash. Unfortunately, there are ways to get around the restrictions
of rbash, or most other restricted shells.

Mikkel
- -- 
  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEUEARECAAYFAk6bcB0ACgkQqbQrVW3JyMRTBwCY96wjeTFoV7k5pumC3mmyfTKA
jgCfVf+IRgZdpgsfH+4RzmJGoSzXeGg=
=Mjbx
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux