Sure use SHELL=/usr/bin/false:
$ SHELL=/usr/bin/false psql
psql (9.0beta1)
Type "help" for help.
postgres=> \!
postgres=>
Trouble is, that doesn't stop
\! bash
On 06/01/2010 04:57 PM, Bruce Momjian wrote:
Ken Tanzer wrote:
Hi. I'm wondering if it is possible to disable use of \! to execute
commands in psql? I see this has come up on the list before
(http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
don't see anyone saying whether it is possible or not, just that it's a
bad or useless idea.
It may or may not be a bad idea (e.g., carry some risk). My scenario is
that I'd like to give people that I don't necessarily know (or therefore
trust) the ability to run psql for a database I've already set up for
them. I set their login shell to psql, so they can simply ssh in, and
they are in psql. From there, though, they can do a simple \!
/bin/bash, and they've got way more access than I want them to.
So is there any way to disable the "\!" stuff? If there's a better way
to go about this, I suppose I'm all ears too!
Sure use SHELL=/usr/bin/false:
$ SHELL=/usr/bin/false psql
psql (9.0beta1)
Type "help" for help.
postgres=> \!
postgres=>
--
-------------------------------------------------------
AGENCY Software
For nonprofits that want to take control of their data
Use it. Like it. Share it. Build it. Buy it.
http://agency-software.org
-------------------------------------------------------
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
