Re: How to restrict ssh user to the home directory ?

On Thu, Apr 23, 2009 at 7:57 AM, J. Bakshi <bakshi12@xxxxxxxxx> wrote:
> On Wed, 22 Apr 2009 11:21:06 -0600
> Benny Helms <benny@xxxxxxxxxx> wrote:
>
>> You always have the option of changing their login shell to
>> '/bin/bash -s' which locks them in.  Unfortunately, it also takes
>> away their access to things like, 'ls' and 'cp' and 'vi', etc.,
>> unless you include copies in their home folder.
>>
>> You also need to remember that some apps like 'vim' will allow a user
>> a shell escape which can break the limits you set.  Make sure to give
>> them access only to the secure version.  For 'vim' that would be
>> 'rvim'.
>
> Thanks a lot for the rvim tip.
> I am grateful to you for making me aware that vim allows shell access.

A lot of utilities allow shell access.
more
less
vi
nvi
vim
emacs
nano
pico
awk
...

If you have perl access, you have fork/exec access.

Uploading your own binaries that fork/exec...

General shell access is not easy to do securely.

chroot is basically your only choice.

-- 
And, did Galoka think the Ulus were too ugly to save?
                                         -Centauri
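
The list of shell-capable utilities in the message above can be turned into a quick audit of a restricted account's home or chroot tree. This is an added example, not part of the original message; the helper name `audit_restricted_root` is hypothetical, and the name list is the one from the message plus perl.

```shell
#!/bin/sh
# Added example: audit a restricted account's home or chroot tree for
# programs that can hand the user a shell. The names come from the list in
# the message above, plus perl; rvim (restricted vim) is intentionally absent.
ESCAPE_TOOLS="more less vi nvi vim emacs nano pico awk perl"

# audit_restricted_root DIR  (hypothetical helper name)
# Prints each executable file under DIR whose name is in ESCAPE_TOOLS.
# Returns 0 when nothing is found, 1 when something is, 2 on a bad argument.
audit_restricted_root() {
    root=$1
    hits=""
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    for tool in $ESCAPE_TOOLS; do
        # -L follows symlinks, so a link named "vi" that points at another
        # binary is reported under the name the user would actually type.
        # The -perm tests match a file that anyone (user/group/other) can run.
        h=$(find -L "$root" -type f -name "$tool" \
                \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null || true)
        if [ -n "$h" ]; then
            hits="${hits}${h}
"
        fi
    done
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s' "$hits" | sort
    return 1
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_restricted_root "$1"
fi
```

The check matches on file names only, so it does not catch renamed copies or binaries the user uploads, which is the limitation the message points out.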

