Search Postgresql Archives

Re: Disable executing external commands from psql?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Sure use SHELL=/usr/bin/false:

	$ SHELL=/usr/bin/false psql
	psql (9.0beta1)
	Type "help" for help.
	
	postgres=>  \!
	postgres=>


Trouble is, that doesn't stop

\! bash


On 06/01/2010 04:57 PM, Bruce Momjian wrote:
Ken Tanzer wrote:
Hi.  I'm wondering if it is possible to disable use of  \! to execute
commands in psql?  I see this has come up on the list before
(http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
don't see anyone saying whether it is possible or not, just that it's a
bad or useless idea.

It may or may not be a bad idea (e.g., carry some risk).  My scenario is
that I'd like to give people that I don't necessarily know (or therefore
trust) the ability to run psql for a database I've already set up for
them.  I set their login shell to psql, so they can simply ssh in, and
they are in psql.  From there, though, they can do a simple \!
/bin/bash, and they've got way more access than I want them to.

So is there any way to disable the "\!" stuff?  If there's a better way
to go about this, I suppose I'm all ears too!
Sure use SHELL=/usr/bin/false:

	$ SHELL=/usr/bin/false psql
	psql (9.0beta1)
	Type "help" for help.
	
	postgres=>  \!
	postgres=>



--
-------------------------------------------------------
AGENCY Software
For nonprofits that want to take control of their data

Use it.  Like it.  Share it.  Build it.  Buy it.
http://agency-software.org
-------------------------------------------------------


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux