Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
 |
| Security Discuss UNIX and Linux computer and network security, cybersecurity, cyberattacks, IT security, CISSP, OWASP and more. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| preventing the banner from being shown | BG_JrAdmin | SUN Solaris | 1 | 05-22-2006 06:39 PM |
| Preventing passwd root? | scottsl | UNIX for Advanced & Expert Users | 4 | 01-06-2006 12:32 PM |
| Switching shells in UNIX Scripts | Scoobiez | Shell Programming and Scripting | 2 | 11-10-2005 12:35 PM |
| preventing others to run processes on my machine | besharam | UNIX for Advanced & Expert Users | 3 | 10-17-2005 02:32 PM |
| switching shells?? | xNYx | UNIX for Dummies Questions & Answers | 6 | 11-21-2002 04:43 PM |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
01-08-2009
|
||||
|
||||
|
Preventing switching shells
Hello,
My firm has a requirement that everyone must use bash. Of course, there can be exceptions so I do not want to disable the other shells. But is there a way that I can prevent users from switching to another shell? Thank you. |
|
01-08-2009
|
||||
|
||||
|
You can disable access to chsh. But that will never stop somebody from changing the shebang line in a script. If you already have production and startup scripts in bourne shell or ksh or whatever you cannot deny access to those shells.
Can you more clearly define what you want to acheive? What OS are we talking about here? |
|
01-08-2009
|
||||
|
||||
|
Certainly, as best as I can.
The firm decided simply to restrict everyone to the bash shell for "security" reasons. It is a small enough firm that they might be able to get away with it, but it would be nice to enforce it. They have documented it as policy, but they would like to have something a bit more strict, forcing everyone to only use bash. I was not sure that it could be done but I figured that I would ask. |
|
01-08-2009
|
||||
|
||||
|
It can be done. Not a great idea on production machines.
Assuming there are no production or system scripts written in anything but /bin/sh or bin/bash (and /bin/sh is a symlink to bash), make all of the "other" shells symlinks to /usr/bin/bash. /bin/sh should also ALREADY be a link to /bin/bash, ie the system boots up error-free using bash. If it is not - do not do this. Restrict access to /usr/bin/chsh - deny other execute. The only other problem is somebody using passwd -s to change shells. All that will happen there is they will "change" to bash anyway. None of this is a great idea. There could be scripts somewhere that depend on ksh wierdness and you just broke them, for example. I am also not convinced about security concerns unless there are shells that some user downloaded off the net on your box somewhere. You may want to et rid of those anyway whether or not you can lock down to bash-only. |
|
01-08-2009
|
||||
|
||||
|
Thank you. I just wanted to mention (since I left it off before) that we are talking about Solaris machines.
I agree with you about not seeing the security advantage here, but I figured that I would research it and be prepared for that possibility. |
|
01-22-2009
|
|||||
|
|||||
|
The current default shell on Solaris is the Bourne shell. All the startup scripts depend on it. If you are going to change it to bash, you need to test your startup and shutdown scripts carefully.
|
| Sponsored Links | ||
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
