Sponsored Content
Top Forums UNIX for Dummies Questions & Answers Home Directory Jail for Users Post 302114768 by pressy on Wednesday 18th of April 2007 01:14:59 PM
Old 04-18-2007
what's about rksh?

Code:
$ rksh
$ cd ..
rksh: cd: restricted
$ cd /
rksh: cd: restricted
$ /usr/sbin/ifconfig
rksh: /usr/sbin/ifconfig: restricted
$

from the man page:

rksh is used to set up login names and execution environ-
ments whose capabilities are more controlled than those of
the standard shell. The actions of rksh are identical to
those of ksh, except that the following are disallowed:

o changing directory (see cd(1))

o setting the value of SHELL, ENV, or PATH

o specifying path or command names containing /

o redirecting output (>, >|, <>, and >>)

o changing group (see newgrp(1)).

The restrictions above are enforced after .profile and the
ENV files are interpreted.

When a command to be executed is found to be a shell pro-
cedure, rksh invokes ksh to execute it. Thus, it is possi-
ble to provide to the end-user shell procedures that have
access to the full power of the standard shell, while impos-
ing a limited menu of commands; this scheme assumes that the
end-user does not have write and execute permissions in the
same directory.
The net effect of these rules is that the writer of the
.profile has complete control over user actions, by perform-
ing guaranteed setup actions and leaving the user in an
appropriate directory (probably not the login directory).

The system administrator often sets up a directory of com-
mands (that is, /usr/rbin) that can be safely invoked by
rksh.

still it's not perfect, but a good way to start...

regards pressy
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Restrict users to ther home directory

Hello! I want users in a certain group to be restricted to their home directory. So that they have full access to all files and folders in their home directory but the cant go to any directory above. Does anyone know how to do this? Anders (1 Reply)
Discussion started by: alfabetman
1 Replies

2. UNIX for Dummies Questions & Answers

Profiles for users without home directory

Hi I want to know which profile will be called when a user without home directory is created. When I created a user without home directory(by setting in /etc/default/useradd), the user is able to login directly into the main "/" folder but with only read permissions. Thanks naina (3 Replies)
Discussion started by: naina
3 Replies

3. UNIX for Dummies Questions & Answers

lost /home/directory for users

I'm using HPUX 11i. The other day a user logon to the workstation and was not able to find the /home/directory (tom is the directory) I login myself and it is the same thing. The home directory is on the server, so I was thinking of using sam to map it again. does anyone know how to do it... (5 Replies)
Discussion started by: blizzgamer
5 Replies

4. Solaris

find home directory paths for all users

How to find al the user's home directories? (2 Replies)
Discussion started by: a2156z
2 Replies

5. Solaris

Common Home directory for different users??

Hi Guys, I have a problem with configuring a server. this is a solaris 10 with sparc platform. I have setup so that the server is Authenticating through NIS but I dont want the server to Mount the Home directories. The users need to logged in through the CDE/display. I have over 200 users... (2 Replies)
Discussion started by: Luky
2 Replies

6. UNIX for Advanced & Expert Users

about the access permission of users home directory

RHEL5.0 As we know, when root create a new user, a new home directory will be created : /home/user I want to know what determine the access permission of /home/user . Thanks! (1 Reply)
Discussion started by: cqlouis
1 Replies

7. Shell Programming and Scripting

script to check for a directory in /home for all users

Following on from this post: https://www.unix.com/shell-programming-scripting/150201-simple-script-mount-folder-all-users-home.html and getting told off for bumping the thread:( Please could someone help me with a short script to check is a certain directory is present in /home for all users... (8 Replies)
Discussion started by: barrydocks
8 Replies

8. Red Hat

SSH lock users to the Home Directory

Hi friends, I must to give ssh connection to own customer. So I want to lock ssh user on own home directory. It is not necessery to reach other folders. I know that ftp user can lock on own folder but I don't know how to lock ssh user. I am waitting your kindly helps :D ---------- Post... (10 Replies)
Discussion started by: getrue
10 Replies

9. AIX

close ssh users to the home directory

Hello, I must close ssh users to the home directory. It means the users musn't see anything inside their home directory. For example after login to the os and type this command "cd .." or "cd /" it musn't work. How can I implement it? (Probably chroot or rootsh but how?) (1 Reply)
Discussion started by: jeszi
1 Replies

10. UNIX for Advanced & Expert Users

Permissions on a directory in /home for all users

Hi, I have created a shared directory on /home, where all users on a certain group have read, write and execute permissions. I did this using chmod -R g+rwx /home/shared/ The problem is, when a particular user creates a directory within /home/shared, other users are not able to write to... (8 Replies)
Discussion started by: lost.identity
8 Replies
rsh(1M) 						  System Administration Commands						   rsh(1M)

NAME
rsh, restricted_shell - restricted shell command interpreter SYNOPSIS
/usr/lib/rsh [-acefhiknprstuvx] [argument]... DESCRIPTION
rsh is a limiting version of the standard command interpreter sh, used to restrict logins to execution environments whose capabilities are more controlled than those of sh (see sh(1) for complete description and usage). When the shell is invoked, it scans the environment for the value of the environmental variable, SHELL. If it is found and rsh is the file name part of its value, the shell becomes a restricted shell. The actions of rsh are identical to those of sh, except that the following are disallowed: o changing directory (see cd(1)), o setting the value of $PATH, o pecifying path or command names containing /, o redirecting output (> and >>). The restrictions above are enforced after .profile is interpreted. A restricted shell can be invoked in one of the following ways: 1. rsh is the file name part of the last entry in the /etc/passwd file (see passwd(4)); 2. the environment variable SHELL exists and rsh is the file name part of its value; the environment variable SHELL needs to be set in the .login file; 3. the shell is invoked and rsh is the file name part of argument 0; 4. the shell is invoke with the -r option. When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it. Thus, it is possible to provide to the end- user shell procedures that have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme assumes that the end-user does not have write and execute permissions in the same directory. The net effect of these rules is that the writer of the .profile (see profile(4)) has complete control over user actions by performing guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory). The system administrator often sets up a directory of commands (that is, /usr/rbin) that can be safely invoked by a restricted shell. Some systems also provide a restricted editor, red. EXIT STATUS
Errors detected by the shell, such as syntax errors, cause the shell to return a non-zero exit status. If the shell is being used non- interactively execution of the shell file is abandoned. Otherwise, the shell returns the exit status of the last command executed. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ SEE ALSO
intro(1), cd(1), login(1), rsh(1), sh(1), exec(2), passwd(4), profile(4), attributes(5) NOTES
The restricted shell, /usr/lib/rsh, should not be confused with the remote shell, /usr/bin/rsh, which is documented in rsh(1). SunOS 5.11 1 Nov 1993 rsh(1M)
All times are GMT -4. The time now is 07:44 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy