08-30-2009
Use a restricted shell such as rbash or rksh and set the path and don't allow users to execute commands not in their PATH
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello all,
Here's the scenario:
I've got a script, let's call it script1. This script invokes another script, which we'll call set_env, via the dot "." command, like so:
File:
#!/bin/ksh
#
region_id=DEV
. set_env ${region_id}
and so on. Script set_env sets up an... (2 Replies)
Discussion started by: BriceBu
2 Replies
2. Shell Programming and Scripting
Hi all,
Can you tell me how to change the prompt color (only the path part) when I chnange directory with "cd"?
I use the sequence below in ".bashrc" (Solaris 8) to change my prompt colors and I'd like to modify it to change the path color when I cange directory.
PSC() { echo -ne "\"; }... (0 Replies)
Discussion started by: majormark
0 Replies
3. Shell Programming and Scripting
Hello Folks,
I want to append a path in user's PATH variable which should be available in current session.
Background
Numerous persons will run a utility.
Aim is to add the absolute path of the utility the first time it runs so that next runs have the PATH in env & users can directly run... (6 Replies)
Discussion started by: vibhor_agarwali
6 Replies
4. Shell Programming and Scripting
Hi ,
Iam changing the path in weblogic
from /opt/user/shared/mydomain
to
/opt/users/shared/multidomain
i have to change the below configuration files by using scripting am using for loop and sed to change the below files.
for i in ${b}startWebLogic.sh... (1 Reply)
Discussion started by: sam1226
1 Replies
5. Shell Programming and Scripting
Hi frnds!
i m installing a software named 'Gamit' by using bash.
bt i recieved the follwoing error:
.. removing any existing Makefiles or archive files from libraries directories
/root/Documents/ISP/Gamit_10.4/com/rmfresh: Permission denied.
.. removing any existing Makefiles or... (1 Reply)
Discussion started by: Engr. Shoaib
1 Replies
6. UNIX for Dummies Questions & Answers
Blank Blank Blank (11 Replies)
Discussion started by: pvibien
11 Replies
7. UNIX for Dummies Questions & Answers
I have many html files in a directory tree and want to change the a path declaration within the files.
Files will look as below
I want to remove "geopdf/" so I get as example
href=../../../geo1937/geo02n01/geo0201r00010016.pdf
rather than keeping the entry as
... (1 Reply)
Discussion started by: kristinu
1 Replies
8. UNIX for Dummies Questions & Answers
Dear All,
Please help me in finding solution for below problem.
I need a command or script to get code or path(from which location code is being executed), which is executing under a process ID.
I dont have google access here,Please help me in finding solution.
Thank you. (3 Replies)
Discussion started by: subbarao12
3 Replies
9. UNIX for Advanced & Expert Users
Currently I am using this laborious command
lvdisplay | awk '/LV Path/ {p=$3} /LV Name/ {n=$3} /VG Name/ {v=$3} /Block device/ {d=$3; sub(".*:", "/dev/dm-", d); printf "%s\t%s\t%s\n", p, "/dev/mapper/"v"-"n, d}'
Would like to know if there is any shorter method to get this mapping of... (2 Replies)
Discussion started by: royalibrahim
2 Replies
10. UNIX for Beginners Questions & Answers
Hello,
I am creating a file with all the source folders included in my git branch, when i grep for the used source, i found source included as relative path instead of absolute path, how can convert relative path to absolute path without changing directory to that folder and using readlink -f ? ... (4 Replies)
Discussion started by: Sekhar419
4 Replies
SMRSH(8) System Manager's Manual SMRSH(8)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files. It sharply limits
the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system. Briefly,
even if a ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs
that he or she can execute.
Briefly, smrsh limits programs to be in a single directory, by default /usr/lib/sendmail.d/bin/ allowing the system administrator to choose
the set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the
characters ``', `<', `>', `;', `$', `(', `)', `
' (carriage return), or `
' (newline) on the command line to prevent ``end run'' attacks.
It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''
Initial pathnames on programs are stripped, so forwarding to ``/usr/bin/vacation'', ``/usr/bin/vacation'', ``/home/server/mydir/bin/vaca-
tion'', and ``vacation'' all actually forward to `/usr/lib/sendmail.d/bin/vacation''.
System administrators should be conservative about populating the /usr/lib/sendmail.d/bin/ directory. For example, a reasonable additions
is vacation(1), and the like. No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the
/usr/lib/sendmail.d/bin/ directory. Note that this does not restrict the use of shell or perl scripts in the /usr/lib/sendmail.d/bin/
directory (using the ``#!'' syntax); it simply disallows execution of arbitrary programs. Also, including mail filtering programs such as
procmail(1) is a very bad idea. procmail(1) allows users to run arbitrary programs in their procmailrc(5).
COMPILATION
Compilation should be trivial on most systems. You may need to use -DSMRSH_PATH="path" to adjust the default search path (defaults to
``/bin:/usr/bin'') and/or -DSMRSH_CMDDIR="dir" to change the default program directory (defaults to ``/usr/lib/sendmail.d/bin/'').
FILES
/usr/lib/sendmail.d/bin/ - default directory for restricted programs on SuSE Linux
SEE ALSO
sendmail(8)
$Date: 2004/08/06 03:55:35 $ SMRSH(8)