08-30-2009
Quote: Originally Posted by reborg
Use a restricted shell such as rbash or rksh and set the path and don't allow users to execute commands not in their PATH
OK, makes sense. This is for the BASH shell, so I will check how I can set rbash. Is it possible to do that from /etc/profile? I need all the normal users except administrators to get rbash when they log in.
Also, can I configure rbash such that it will allow users to execute only commands in their path? And if I force users to rbash, will they be able to execute commands like 'cd' etc.? Will they be able to change their path?
Basically, I would like to know if it is possible to custom configure rbash or whether we have to accept its default behavior.
Many thanks for the reply and I hope I will be able to solve this issue today by getting help from this thread.
Regards,
Ramesh
---------- Post updated at 04:14 AM ---------- Previous update was at 03:28 AM ----------
rbash will totally restrict the users. Like their ability to "cd" etc among other things. I was wondering if I can set default shell of users as rbash and then customize it further, for example allow them to use commands like "cd" etc.
Just checking that possibility. Any comments from your side "reborg"?
Thanks...
rsh(1M) System Administration Commands rsh(1M)
NAME
rsh, restricted_shell - restricted shell command interpreter
SYNOPSIS
/usr/lib/rsh [-acefhiknprstuvx] [argument...]
DESCRIPTION
rsh is a limiting version of the standard command interpreter sh, used to restrict logins to execution environments whose capabilities are
more controlled than those of sh (see sh(1) for complete description and usage).
When the shell is invoked, it scans the environment for the value of the environmental variable, SHELL. If it is found and rsh is the file
name part of its value, the shell becomes a restricted shell.
The actions of rsh are identical to those of sh, except that the following are disallowed:
o changing directory (see cd(1)),
o setting the value of $PATH,
o specifying path or command names containing /,
o redirecting output (> and >>).
The restrictions above are enforced after .profile is interpreted.
A restricted shell can be invoked in one of the following ways:
1. rsh is the file name part of the last entry in the /etc/passwd file (see passwd(4));
2. the environment variable SHELL exists and rsh is the file name part of its value; the environment variable SHELL needs to be set in the
.login file;
3. the shell is invoked and rsh is the file name part of argument 0;
4. the shell is invoked with the -r option.
When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it. Thus, it is possible to provide to the end-
user shell procedures that have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme
assumes that the end-user does not have write and execute permissions in the same directory.
The net effect of these rules is that the writer of the .profile (see profile(4)) has complete control over user actions by performing
guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory).
The system administrator often sets up a directory of commands (that is, /usr/rbin) that can be safely invoked by a restricted shell. Some
systems also provide a restricted editor, red.
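The command-directory setup described above, as an added example that is not part of the man page or the forum post: it builds a /usr/rbin-style menu and a PATH-pinning .profile, then checks what a restricted shell allows. Assumptions: everything lives under a scratch root so it runs unprivileged, the function names and the account name are hypothetical, and the probe uses bash's -r restricted mode (the rbash of the thread) rather than SunOS /usr/lib/rsh.

```sh
#!/bin/sh
# Added example. On a real system root owns these paths and the account's
# shell field in /etc/passwd names the restricted shell.

# make_restricted_env ROOT USER CMD...
# Creates ROOT/usr/rbin (the command menu) and ROOT/home/USER/.profile.
make_restricted_env() {
    root=$1
    user=$2
    shift 2
    rbin=$root/usr/rbin
    home=$root/home/$user
    mkdir -p "$rbin" "$home" || return 1
    # One symlink per allowed external command.
    for cmd in "$@"; do
        target=$(command -v "$cmd") || continue
        case $target in
            /*) ln -s "$target" "$rbin/$cmd" ;;   # builtins have no path: skipped
        esac
    done
    # .profile is interpreted before the restrictions are enforced,
    # so this is where PATH gets pinned to the menu directory.
    printf 'PATH=%s\nexport PATH\nreadonly PATH\n' "$rbin" > "$home/.profile"
    # Clear all write bits: the user must not be able to add commands
    # to the menu or edit the profile.
    chmod 555 "$rbin" "$home"
    chmod 444 "$home/.profile"
}

# any_write_bit PATH: succeeds if owner, group or other may write to PATH.
any_write_bit() {
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}

# restricted_try ROOT 'COMMAND': run COMMAND in a restricted bash whose PATH
# is ROOT/usr/rbin. Exit status 0 means the shell allowed it. Requires bash.
restricted_try() {
    env -i PATH="$1/usr/rbin" "$(command -v bash)" -r -c "$2" >/dev/null 2>&1
}

# Usage (scratch directory is an assumption):
#   make_restricted_env /tmp/rdemo guest ls cat
#   restricted_try /tmp/rdemo 'ls /'       # allowed
#   restricted_try /tmp/rdemo 'cd /'       # refused
```

Builtins such as cd cannot be added to the menu as files; whether they work is decided by the restricted shell itself, which is why 'cd' stays refused however PATH is set.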
EXIT STATUS
Errors detected by the shell, such as syntax errors, cause the shell to return a non-zero exit status. If the shell is being used non-
interactively execution of the shell file is abandoned. Otherwise, the shell returns the exit status of the last command executed.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
intro(1), cd(1), login(1), rsh(1), sh(1), exec(2), passwd(4), profile(4), attributes(5)
NOTES
The restricted shell, /usr/lib/rsh, should not be confused with the remote shell, /usr/bin/rsh, which is documented in rsh(1).
SunOS 5.10 1 Nov 1993 rsh(1M)