Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Home Directory Jail for Users
Top Forums UNIX for Dummies Questions & Answers Home Directory Jail for Users Post 302114768 by pressy on Wednesday 18th of April 2007 01:14:59 PM
Old 04-18-2007
what's about rksh?

Code:
$ rksh
$ cd ..
rksh: cd: restricted
$ cd /
rksh: cd: restricted
$ /usr/sbin/ifconfig
rksh: /usr/sbin/ifconfig: restricted
$

from the man page:

rksh is used to set up login names and execution environ-
ments whose capabilities are more controlled than those of
the standard shell. The actions of rksh are identical to
those of ksh, except that the following are disallowed:

o changing directory (see cd(1))

o setting the value of SHELL, ENV, or PATH

o specifying path or command names containing /

o redirecting output (>, >|, <>, and >>)

o changing group (see newgrp(1)).

The restrictions above are enforced after .profile and the
ENV files are interpreted.

When a command to be executed is found to be a shell pro-
cedure, rksh invokes ksh to execute it. Thus, it is possi-
ble to provide to the end-user shell procedures that have
access to the full power of the standard shell, while impos-
ing a limited menu of commands; this scheme assumes that the
end-user does not have write and execute permissions in the
same directory.
The net effect of these rules is that the writer of the
.profile has complete control over user actions, by perform-
ing guaranteed setup actions and leaving the user in an
appropriate directory (probably not the login directory).

The system administrator often sets up a directory of com-
mands (that is, /usr/rbin) that can be safely invoked by
rksh.

still it's not perfect, but a good way to start...

regards pressy
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Restrict users to ther home directory

Hello! I want users in a certain group to be restricted to their home directory. So that they have full access to all files and folders in their home directory but the cant go to any directory above. Does anyone know how to do this? Anders (1 Reply)
Discussion started by: alfabetman
1 Replies

2. UNIX for Dummies Questions & Answers

Profiles for users without home directory

Hi I want to know which profile will be called when a user without home directory is created. When I created a user without home directory(by setting in /etc/default/useradd), the user is able to login directly into the main "/" folder but with only read permissions. Thanks naina (3 Replies)
Discussion started by: naina
3 Replies

3. UNIX for Dummies Questions & Answers

lost /home/directory for users

I'm using HPUX 11i. The other day a user logon to the workstation and was not able to find the /home/directory (tom is the directory) I login myself and it is the same thing. The home directory is on the server, so I was thinking of using sam to map it again. does anyone know how to do it... (5 Replies)
Discussion started by: blizzgamer
5 Replies

4. Solaris

find home directory paths for all users

How to find al the user's home directories? (2 Replies)
Discussion started by: a2156z
2 Replies

5. Solaris

Common Home directory for different users??

Hi Guys, I have a problem with configuring a server. this is a solaris 10 with sparc platform. I have setup so that the server is Authenticating through NIS but I dont want the server to Mount the Home directories. The users need to logged in through the CDE/display. I have over 200 users... (2 Replies)
Discussion started by: Luky
2 Replies

6. UNIX for Advanced & Expert Users

about the access permission of users home directory

RHEL5.0 As we know, when root create a new user, a new home directory will be created : /home/user I want to know what determine the access permission of /home/user . Thanks! (1 Reply)
Discussion started by: cqlouis
1 Replies

7. Shell Programming and Scripting

script to check for a directory in /home for all users

Following on from this post: https://www.unix.com/shell-programming-scripting/150201-simple-script-mount-folder-all-users-home.html and getting told off for bumping the thread:( Please could someone help me with a short script to check is a certain directory is present in /home for all users... (8 Replies)
Discussion started by: barrydocks
8 Replies

8. Red Hat

SSH lock users to the Home Directory

Hi friends, I must to give ssh connection to own customer. So I want to lock ssh user on own home directory. It is not necessery to reach other folders. I know that ftp user can lock on own folder but I don't know how to lock ssh user. I am waitting your kindly helps :D ---------- Post... (10 Replies)
Discussion started by: getrue
10 Replies

9. AIX

close ssh users to the home directory

Hello, I must close ssh users to the home directory. It means the users musn't see anything inside their home directory. For example after login to the os and type this command "cd .." or "cd /" it musn't work. How can I implement it? (Probably chroot or rootsh but how?) (1 Reply)
Discussion started by: jeszi
1 Replies

10. UNIX for Advanced & Expert Users

Permissions on a directory in /home for all users

Hi, I have created a shared directory on /home, where all users on a certain group have read, write and execute permissions. I did this using chmod -R g+rwx /home/shared/ The problem is, when a particular user creates a directory within /home/shared, other users are not able to write to... (8 Replies)
Discussion started by: lost.identity
8 Replies

LEARN ABOUT DEBIAN

rbash

RBASH(1)						      General Commands Manual							  RBASH(1)

NAME

       rbash - restricted bash, see bash(1)

RESTRICTED SHELL

       If  bash  is  started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted.  A restricted shell is
       used to set up an environment more controlled than the standard shell.  It behaves identically to bash with the exception that the  follow-
       ing are disallowed or not performed:

       o      changing directories with cd

       o      setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV

       o      specifying command names containing /

       o      specifying a file name containing a / as an argument to the .  builtin command

       o      specifying a filename containing a slash as an argument to the -p option to the hash builtin command

       o      importing function definitions from the shell environment at startup

       o      parsing the value of SHELLOPTS from the shell environment at startup

       o      redirecting output using the >, >|, <>, >&, &>, and >> redirection operators

       o      using the exec builtin command to replace the shell with another command

       o      adding or deleting builtin commands with the -f and -d options to the enable builtin command

       o      using the enable builtin command to enable disabled shell builtins

       o      specifying the -p option to the command builtin command

       o      turning off restricted mode with set +r or set +o restricted.

       These restrictions are enforced after any startup files are read.

       When a command that is found to be a shell script is executed, rbash turns off any restrictions in the shell spawned to execute the script.

SEE ALSO

       bash(1)

GNU Bash-4.0							    2004 Apr 20 							  RBASH(1)
All times are GMT -4. The time now is 01:07 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy