Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: List of dangerous shell commands
Top Forums Shell Programming and Scripting List of dangerous shell commands Post 302591195 by jim mcnamara on Wednesday 18th of January 2012 08:40:44 PM
Old 01-18-2012
IMO you are going at it in the wrong way.

First off, create a chrooted user that has some privilege, not all.
In the chroot jail (new / root directory ) only populate /usr/bin (or whatever with commands you can live with). No commands can be a link outside the jail.

Next, grant whatever users you want the privilege of becoming that special user, via sudo and /etc/sudoers

Basically though I gave you and answer, this is a not a good idea overall. I would not do this. Why do you want ordinary users doing normally restricted operations on the system.

You can probably use /etc/sudoers to set up what you want, but DO'NT let everybody have access to everything. The model is grant access. The model is never deny access.
Which is what your question is all about. Deny access.

The reason is the negative approach has serious flaws, even though you may think otherwise. You will notice that the security model that comes with the system is the "grant access model". There lots of good reasons for that. Don't bypass 30 years of security work for no good reason.

*I like Frank's answer better,I was being too polite.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

List of dangerous Unix command

Hi Guys, I wonder if one of you would have a list of dangerous commands on unix. Regards (8 Replies)
Discussion started by: JBB873
8 Replies

2. Solaris

List of Commands

Dear All, I am a new Administrator of Solaris in the company , I need a list of the commands pls ... Regards Adel (2 Replies)
Discussion started by: ArabOracle.com
2 Replies

3. Shell Programming and Scripting

How to run unix commands in a new shell inside a shell script?

Hi , I am having one situation in which I need to run some simple unix commands after doing "chroot" command in a shell script. Which in turn creates a new shell. So scenario is that - I need to have one shell script which is ran as a part of crontab - in this shell script I need to do a... (2 Replies)
Discussion started by: hkapil
2 Replies

4. UNIX for Advanced & Expert Users

Comparison List of commands

Hi, I would like to have a list of commands in a table, see below example Command description HPUNIX SUN UNIX IBM AIX all above i need comparison list of commands ASAP please.......... B.R (1 Reply)
Discussion started by: f_amshan
1 Replies

5. Shell Programming and Scripting

list files commands

hi all scripting gurus, need some guide and advise from you. i'm trying to list all the files in the year 2004 and the file format is something like this: 11176MZ00004JV900004JVB00004JVCcDBU20041206.txt try to use the symbol ^ but somehow it does not help. i try this as well: ls -ltr |... (12 Replies)
Discussion started by: lweegp
12 Replies

6. Shell Programming and Scripting

List of internal commands ??

Dear Sir/Mam, Can you tell me list of internal commands which are easy to implements...??? Means sir I am a beginner in unix shell programming. So, I just wanted to know that which internal commands are easy to implements in C language. thanks.... (1 Reply)
Discussion started by: ranusahu
1 Replies

7. Shell Programming and Scripting

Can BASH execute commands on a remote server when the commands are embedded in shell

I want to log into a remote server transfer over a new config and then backup the existing config, replace with the new config. I am not sure if I can do this with BASH scripting. I have set up password less login by adding my public key to authorized_keys file, it works. I am a little... (1 Reply)
Discussion started by: bash_in_my_head
1 Replies

8. Linux

Is umount -l dangerous?

I had a umount busy issue, that the usual fuser -mk did not solve, I did a umount -l and was able to unmount the device, I then got in trouble by the storage team staff: Here was a snippet of their response: Using "umount -l" is a potentially dangerous act. The command combination for a lazy... (8 Replies)
Discussion started by: pastajet
8 Replies

9. Shell Programming and Scripting

Any shell or hack that makes the shell command line take vi commands?

basically i'm tired of hitting the left arrow a few dozen times when correcting a mistake or modifying a history command i'd like to use vim style key shortcuts while on the command line so that a 55 moves the cursor 55 places to the left... and i want all the other vi goodies, search of... (3 Replies)
Discussion started by: marqul
3 Replies

10. War Stories

Dangerous rm -rf command

Hello All, I am posting a intresting story which is posted by Mark Brader but actual story is from Mario Wolczko. Original link is here Thanks, R. Singh (4 Replies)
Discussion started by: RavinderSingh13
4 Replies

LEARN ABOUT DEBIAN

sysprofile

SYSPROFILE(8)						      System Manager's Manual						     SYSPROFILE(8)

NAME

       sysprofile - modular centralized shell configuration

DESCRIPTION

       sysprofile is a generic approach to configure shell settings in a modular and centralized way mostly aimed at avoiding work for lazy sysad-
       mins.  It has only been tested to work with the bash shell.

       It basically consists of the small /etc/sysprofile shell script which invokes other small shell scripts having a  .bash	suffix	which  are
       contained  in  the  /etc/sysprofile.d/  directory.   The system administrator can drop in any script he wants without any naming convention
       other than that the scripts need to have a .bash suffix to enable automagic sourcing by /etc/sysprofile.

       This mechanism is set up by inserting a small shell routine into /etc/profile for login	shells	and  optionally  into  /etc/bashrc  and/or
       /etc/bash.bashrc for non-login shells from where the actual /etc/sysprofile script is invoked:

	   if [ -f /etc/sysprofile ]; then
		   . /etc/sysprofile
	   fi

       For  using  "sysprofile"  under X11, one can source it in a similar way from /etc/X11/Xsession or your X display manager's Xsession file to
       provide the same shell environment as under the console in X11.	See the example files in /usr/share/doc/sysprofile/ for illustration.

       For usage of terminal emulators with a non-login bash shell under X11, take care to enable sysprofile via  /etc/bash.bashrc.   If  not  set
       this way, your terminal emulators won't come up with the environment defined by the scripts in /etc/sysprofile.d/.

       Users  not  wanting /etc/sysprofile to be sourced for their environment can easily disable it's automatic mechanism.  It can be disabled by
       simply creating an empty file called $HOME/.nosysprofile in the user's home directory using e.g. the touch(1) command.

       Any single configuration file in /etc/sysprofile.d/ can be overridden by any user by  creating  a  private  $HOME/.sysprofile.d/  directory
       which  may  contain  a  user's  own version of any configuration file to be sourced instead of the system default.  It's names have just to
       match exactly the system's default /etc/sysprofile.d/ configuration files.  Empty versions of these files contained in  the  $HOME/.syspro-
       file.d/ directory automatically disable sourcing of the system wide version.

       Naturally, users can add and include their own private script inventions to be automagically executed by /etc/sysprofile at login time.

OPTIONS

       There are no options other than those dictated by shell conventions.  Anything is defined within the configuration scripts themselves.

SEE ALSO

       The  README  files  and	configuration  examples contained in /etc/sysprofile.d/ and the manual pages bash(1), xdm(1x), xdm.options(5), and
       wdm(1x).  Recommended further reading is everything related with shell programming.

       If you need a similar mechanism for executing code at logout time check out the related package syslogout(8) which is a very close  compan-
       ion to sysprofile.

BUGS

       sysprofile  in its current form is mainly restricted to bash(1) syntax.	In fact it is actually	a rather embarrassing quick and dirty hack
       than anything else - but it works.  It  serves the practical need to enable  a  centralized  bash  configuration   until  something  better
       becomes available.  Your constructive criticism in making  this	into something better" is very welcome.  Before i forget to mention it: we
       take patches... ;-)

AUTHOR

       sysprofile was developed by Paul Seelig <pseelig@debian.org> specifically for the Debian GNU/Linux system.  Feel free to port it to and use
       it anywhere else under the conditions of either the GNU public license or the BSD license or both.  Better yet, please help to make it into
       something more worthwhile than it currently is.

																     SYSPROFILE(8)
All times are GMT -4. The time now is 06:07 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy