09-17-2012
Basically, you write a shell that only recognizes these four utilities, create a new user account with your shell set as that user's login shell, and let a user login to that account.
Note that if you implement your shell using a normal shell (e.g., bash, ksh, sh, etc.), you not only have to restrict the utilities they are allowed to run, you also have to be sure that the arguments they pass to these utilities don't make use of `...`, $(...), and other shell constructs to invoke other utilities while parsing command-line arguments. And, obviously, if your restricted user can successfully execute the su utility, there will be no restrictions on what that user can run in the environment set up by su.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
hey peeps
i am pretty much new to unix, my first semester at uni, so if anyone can help, would be greatly appreciated.
how the hell is it possible for a user to execute priveleged commands without the user having a superuser password??
if anyone can help me, i would appreciate it very... (2 Replies)
Discussion started by: 30177005
2 Replies
2. Shell Programming and Scripting
Hi all,
I have a problem which needs to be solved soon because it affects auditing capabilities.
There is an application id that has to be used by other users for the purpose of production support.
The application user id uses C shell.
We allow users to switch to the application user id based... (1 Reply)
Discussion started by: s_saran
1 Replies
3. UNIX for Advanced & Expert Users
Hello Unix Champs,
For keeping audit trail, I want to log the commands entered by the normal users, on their terminal into a text file.
I tried putting a "script -a username.timestamp.txt" in the user profile file, but script command stops execution when user types exit or presses CTRL+D... (3 Replies)
Discussion started by: bhaven.haria
3 Replies
4. Solaris
hi buddies,
i want to learn something,so that we have several users on a sun server and via telnet, we are connecting to server same username and password root/something as root
and after connection i want to see what other roots or users are doing on the server, i want to see their command.... (2 Replies)
Discussion started by: nibiru78
2 Replies
5. Solaris
Hi all
I want to know the commands executed a by particular user .. for the whole day on my machine.
I have checked out with the commad
$lastcomm <user>
It is throwing an error called: ..
/var/adm/pacct: No such file or directory
Can u help me in this regard..
Thank U... (3 Replies)
Discussion started by: naree
3 Replies
6. Solaris
Hi all
I want to know the commands executed a by particular user .. for the whole day on my machine.
I have checked out with the commad
$lastcomm <user>
It is throwing an error called: ..
/var/adm/pacct: No such file or directory
Can u help me in this regard..
Thank U
Naree (1 Reply)
Discussion started by: naree
1 Replies
7. UNIX for Advanced & Expert Users
Hi,
I have a unix server and I am concerned about the security on that server.
I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history.
I was thinking about firing or... (7 Replies)
Discussion started by: mishkamima
7 Replies
8. UNIX for Dummies Questions & Answers
What commands would you recommend in order to monitor things like when a user logs on to a server, assuming you know that user's name on the server? (2 Replies)
Discussion started by: Sotau
2 Replies
9. UNIX for Dummies Questions & Answers
Hi, i would like to create user defined commands.
e,g:
if an user executes ,
mkdircd test then a directory called test should be created and it should be cd to test.
How i can create the command mkdircd with below action:
mkdir $1 && cd $1.
Please help me in achieving this (7 Replies)
Discussion started by: pandeesh
7 Replies
10. Shell Programming and Scripting
Using ksh on AIX what I am trying to do is to read the ls -l output from a file in a do while loop line by line. Extract the user name(3rd field) and the directory/file name(9th field) using awk and save them into variables. su -c to the user and change directory/file permisions to 777. Script I... (13 Replies)
Discussion started by: zubairom
13 Replies
CHSH(1) User Commands CHSH(1)
NAME
chsh - change login shell
SYNOPSIS
chsh [options] [LOGIN]
DESCRIPTION
The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change
the login shell for her own account; the superuser may change the login shell for any account.
OPTIONS
The options which apply to the chsh command are:
-h, --help
Display help message and exit.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-s, --shell SHELL
The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.
If the -s option is not selected, chsh operates in an interactive fashion, prompting the user with the current login shell. Enter the new
value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of [ ] marks.
NOTE
The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser,
and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing /bin/rsh
in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell
back to its original value.
FILES
/etc/passwd
User account information.
/etc/shells
List of valid login shells.
/etc/login.defs
Shadow password suite configuration.
SEE ALSO
chfn(1), login.defs(5), passwd(5).
shadow-utils 4.5 01/25/2018 CHSH(1)