Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: List of dangerous shell commands
Top Forums Shell Programming and Scripting List of dangerous shell commands Post 302591195 by jim mcnamara on Wednesday 18th of January 2012 08:40:44 PM
Old 01-18-2012
IMO you are going at it in the wrong way.

First off, create a chrooted user that has some privilege, not all.
In the chroot jail (new / root directory ) only populate /usr/bin (or whatever with commands you can live with). No commands can be a link outside the jail.

Next, grant whatever users you want the privilege of becoming that special user, via sudo and /etc/sudoers

Basically though I gave you and answer, this is a not a good idea overall. I would not do this. Why do you want ordinary users doing normally restricted operations on the system.

You can probably use /etc/sudoers to set up what you want, but DO'NT let everybody have access to everything. The model is grant access. The model is never deny access.
Which is what your question is all about. Deny access.

The reason is the negative approach has serious flaws, even though you may think otherwise. You will notice that the security model that comes with the system is the "grant access model". There lots of good reasons for that. Don't bypass 30 years of security work for no good reason.

*I like Frank's answer better,I was being too polite.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

List of dangerous Unix command

Hi Guys, I wonder if one of you would have a list of dangerous commands on unix. Regards (8 Replies)
Discussion started by: JBB873
8 Replies

2. Solaris

List of Commands

Dear All, I am a new Administrator of Solaris in the company , I need a list of the commands pls ... Regards Adel (2 Replies)
Discussion started by: ArabOracle.com
2 Replies

3. Shell Programming and Scripting

How to run unix commands in a new shell inside a shell script?

Hi , I am having one situation in which I need to run some simple unix commands after doing "chroot" command in a shell script. Which in turn creates a new shell. So scenario is that - I need to have one shell script which is ran as a part of crontab - in this shell script I need to do a... (2 Replies)
Discussion started by: hkapil
2 Replies

4. UNIX for Advanced & Expert Users

Comparison List of commands

Hi, I would like to have a list of commands in a table, see below example Command description HPUNIX SUN UNIX IBM AIX all above i need comparison list of commands ASAP please.......... B.R (1 Reply)
Discussion started by: f_amshan
1 Replies

5. Shell Programming and Scripting

list files commands

hi all scripting gurus, need some guide and advise from you. i'm trying to list all the files in the year 2004 and the file format is something like this: 11176MZ00004JV900004JVB00004JVCcDBU20041206.txt try to use the symbol ^ but somehow it does not help. i try this as well: ls -ltr |... (12 Replies)
Discussion started by: lweegp
12 Replies

6. Shell Programming and Scripting

List of internal commands ??

Dear Sir/Mam, Can you tell me list of internal commands which are easy to implements...??? Means sir I am a beginner in unix shell programming. So, I just wanted to know that which internal commands are easy to implements in C language. thanks.... (1 Reply)
Discussion started by: ranusahu
1 Replies

7. Shell Programming and Scripting

Can BASH execute commands on a remote server when the commands are embedded in shell

I want to log into a remote server transfer over a new config and then backup the existing config, replace with the new config. I am not sure if I can do this with BASH scripting. I have set up password less login by adding my public key to authorized_keys file, it works. I am a little... (1 Reply)
Discussion started by: bash_in_my_head
1 Replies

8. Linux

Is umount -l dangerous?

I had a umount busy issue, that the usual fuser -mk did not solve, I did a umount -l and was able to unmount the device, I then got in trouble by the storage team staff: Here was a snippet of their response: Using "umount -l" is a potentially dangerous act. The command combination for a lazy... (8 Replies)
Discussion started by: pastajet
8 Replies

9. Shell Programming and Scripting

Any shell or hack that makes the shell command line take vi commands?

basically i'm tired of hitting the left arrow a few dozen times when correcting a mistake or modifying a history command i'd like to use vim style key shortcuts while on the command line so that a 55 moves the cursor 55 places to the left... and i want all the other vi goodies, search of... (3 Replies)
Discussion started by: marqul
3 Replies

10. War Stories

Dangerous rm -rf command

Hello All, I am posting a intresting story which is posted by Mark Brader but actual story is from Mario Wolczko. Original link is here Thanks, R. Singh (4 Replies)
Discussion started by: RavinderSingh13
4 Replies

LEARN ABOUT FREEBSD

atf-sh

ATF-SH(1)						    BSD General Commands Manual 						 ATF-SH(1)

NAME

     atf-sh [-s shell] -- interpreter for shell-based test programs

SYNOPSIS

     atf-sh script

DESCRIPTION

     atf-sh is an interpreter that runs the test program given in script after loading the atf-sh(3) library.

     atf-sh is not a real interpreter though: it is just a wrapper around the system-wide shell defined by ATF_SHELL.  atf-sh executes the inter-
     preter, loads the atf-sh(3) library and then runs the script.  You must consider atf-sh to be a POSIX shell by default and thus should not
     use any non-standard extensions.

     The following options are available:

     -s shell	  Specifies the shell to use instead of the value provided by ATF_SHELL.

ENVIRONMENT

     ATF_LIBEXECDIR    Overrides the builtin directory where atf-sh is located.  Should not be overridden other than for testing purposes.
     ATF_PKGDATADIR    Overrides the builtin directory where libatf-sh.subr is located.  Should not be overridden other than for testing purposes.
     ATF_SHELL	       Path to the system shell to be used in the generated scripts.  Scripts must not rely on this variable being set to select a
		       specific interpreter.

EXAMPLES

     Scripts using atf-sh(3) should start with:

	   #! /usr/bin/env atf-sh

     Alternatively, if you want to explicitly choose a shell interpreter, you cannot rely on env(1) to find atf-sh.  Instead, you have to hardcode
     the path to atf-sh in the script and then use the -s option afterwards as a single parameter:

	   #! /path/to/bin/atf-sh -s/bin/bash

ENVIRONMENT

     ATF_SHELL	  Path to the system shell to be used in the generated scripts.

SEE ALSO

     atf-sh(3)

BSD
								September 27, 2014							       BSD
All times are GMT -4. The time now is 04:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy