Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Preventing switching shells
Special Forums Cybersecurity Preventing switching shells Post 302274827 by jim mcnamara on Thursday 8th of January 2009 12:56:53 PM
Old 01-08-2009
It can be done. Not a great idea on production machines.

Assuming there are no production or system scripts written in anything but /bin/sh or bin/bash (and /bin/sh is a symlink to bash), make all of the "other" shells symlinks to /usr/bin/bash. /bin/sh should also ALREADY be a link to /bin/bash, ie the system boots up error-free using bash. If it is not - do not do this.

Restrict access to /usr/bin/chsh - deny other execute. The only other problem is somebody using passwd -s to change shells. All that will happen there is they will "change" to bash anyway.

None of this is a great idea. There could be scripts somewhere that depend on ksh wierdness and you just broke them, for example. I am also not convinced about security concerns unless there are shells that some user downloaded off the net on your box somewhere. You may want to et rid of those anyway whether or not you can lock down to bash-only.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

switching shells??

Hi How can i switch shells on linux and freebsd? i tried changing the passwd file and restarted the computer but i still get the same old shell. anybody has the answer? thanks (6 Replies)
Discussion started by: xNYx
6 Replies

2. Linux

Preventing a scan of the RAID during bootup

I have a RH 7.3 server that needs a restart today after putting a patch in place. The last time I rebooted this box was almost a year ago and when the uptime is quite long, Linux likes to check all the disks for errors, including the RAID. This adds almost 1.5Hrs to my bootup process:eek: . Does... (1 Reply)
Discussion started by: turbo90awd
1 Replies

3. UNIX for Advanced & Expert Users

preventing others to run processes on my machine

I am in a multi-user Linux environment at work. Other users easily run processes on my machine when my machine is idle, but when I try to use my machine, it is dead slow. The processes run by them always grab the top spot using 99% of my CPU time. Is there a way I can prevent others to run... (3 Replies)
Discussion started by: besharam
3 Replies

4. Shell Programming and Scripting

Switching shells in UNIX Scripts

Solaris Newbie here to scripting in UNIX/SOLARIS. What I am looking to do is, once the script is executed, switch to /bin/bash shell and continue to execute the script. The problem I run into is once the script switches to the Bash shell, the script stops, and does not execute the... (2 Replies)
Discussion started by: Scoobiez
2 Replies

5. UNIX for Advanced & Expert Users

Preventing passwd root?

I knew it would happen sooner or later.... We have a requirement that specific individuals need "sudo root" authority. I knew it only a matter of time before someone decided to change the root password (at least they owned up to it). Now the question is how can I grant all rights except... (4 Replies)
Discussion started by: scottsl
4 Replies

6. Solaris

preventing the banner from being shown

Is there a way to supress the banner from being shown when you log in? (1 Reply)
Discussion started by: BG_JrAdmin
1 Replies

7. UNIX for Advanced & Expert Users

Preventing script to run at the same time.

I have a script, myscript.pl I want to set the script to exit if it is already running. At the moment I am using soft stop. eg: if -e dummy file then exit else create a dummy file Is there any other better way to perform this? Maybe ps -ef | egrep 'myscript.pl' (3 Replies)
Discussion started by: cronboss
3 Replies

8. Shell Programming and Scripting

Switching between shells

I don't know why, but it just isn't working how I want it to work. You might want to run it to see what I mean. Or you might be a genius (or just really good at unix) and know just by looking at it what the problem is. Have fun trying to figure this one out.:wall: (11 Replies)
Discussion started by: nowruzr
11 Replies

9. Shell Programming and Scripting

Preventing the sleep mode in Solaris

Hi , I am working on a Solaris server which goes to sleep mode if idle for more than 30 min. I have a remote access so that I can access the server from my home too. By the time I go back to my room, it is going to sleep mode so I could see nothing but a black screen. Is there any option to... (3 Replies)
Discussion started by: prabhag
3 Replies

10. UNIX for Advanced & Expert Users

Preventing Opera browser VPN

A fight against open-access I'm afraid. Opera Software have published their latest browser boasting built in free VPN giving access past firewalls of countries, companies, education establishments etc. Free VPN | Now built into Opera browser As one on the other side of the fence trying to... (1 Reply)
Discussion started by: rbatte1
1 Replies

LEARN ABOUT OPENSOLARIS

getusershell

getusershell(3C)					   Standard C Library Functions 					  getusershell(3C)

NAME

       getusershell, setusershell, endusershell - get legal user shells

SYNOPSIS

       #include <unistd.h>

       char *getusershell(void);

       void setusershell(void);

       void endusershell(void);

DESCRIPTION

       The  getusershell()  function  returns  a  pointer  to  a  legal  user  shell  as defined by the system manager in the file /etc/shells. If
       /etc/shells does not exist, the following locations of the standard system shells are used in its place:

	 /bin/bash		    /bin/csh
	 /bin/jsh		    /bin/ksh
	 /bin/ksh93		    /bin/pfcsh
	 /bin/pfksh		    /bin/pfsh
	 /bin/sh		    /bin/tcsh
	 /bin/zsh		    /sbin/jsh
	 /sbin/pfsh		    /sbin/sh
	 /usr/bin/bash		    /usr/bin/csh
	 /usr/bin/jsh		    /usr/bin/ksh
	 /usr/bin/ksh93 	    /usr/bin/pfcsh
	 /usr/bin/pfksh 	    /usr/bin/pfsh
	 /usr/bin/sh		    /usr/bin/tcsh
	 /usr/bin/zsh		    /usr/sfw/bin/zsh
	 /usr/xpg4/bin/sh

       The getusershell() function opens the file /etc/shells, if it exists, and returns the next entry in the list of shells.

       The setusershell() function rewinds the file or the list.

       The endusershell() function closes the file, frees any memory used by getusershell() and setusershell(), and rewinds the file /etc/shells.

RETURN VALUES

       The getusershell() function returns a null pointer on EOF.

BUGS

       All information is contained in memory that may be freed with a call to endusershell(), so it must be copied if it is to be saved.

NOTES

       Restricted shells should not be listed in /etc/shells.

SunOS 5.11							    1 Nov 2007							  getusershell(3C)
All times are GMT -4. The time now is 08:49 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy