Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: User commands autharization
Operating Systems Solaris User commands autharization Post 302701657 by Don Cragun on Monday 17th of September 2012 04:30:33 AM
Old 09-17-2012
Basically, you write a shell that only recognizes these four utilities, create a new user account with your shell set as that user's login shell, and let a user login to that account.

Note that if you implement your shell using a normal shell (e.g., bash, ksh, sh, etc.), you not only have to restrict the utilities they are allowed to run, you also have to be sure that the arguments they pass to these utilities don't make use of `...`, $(...), and other shell constructs to invoke other utilities while parsing command-line arguments. And, obviously, if your restricted user can successfully execute the su utility, there will be no restrictions on what that user can run in the environment set up by su.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

user executing priveleged commands

hey peeps i am pretty much new to unix, my first semester at uni, so if anyone can help, would be greatly appreciated. how the hell is it possible for a user to execute priveleged commands without the user having a superuser password?? if anyone can help me, i would appreciate it very... (2 Replies)
Discussion started by: 30177005
2 Replies

2. Shell Programming and Scripting

Capture user imput commands

Hi all, I have a problem which needs to be solved soon because it affects auditing capabilities. There is an application id that has to be used by other users for the purpose of production support. The application user id uses C shell. We allow users to switch to the application user id based... (1 Reply)
Discussion started by: s_saran
1 Replies

3. UNIX for Advanced & Expert Users

Capturing commands executed by user

Hello Unix Champs, For keeping audit trail, I want to log the commands entered by the normal users, on their terminal into a text file. I tried putting a "script -a username.timestamp.txt" in the user profile file, but script command stops execution when user types exit or presses CTRL+D... (3 Replies)
Discussion started by: bhaven.haria
3 Replies

4. Solaris

how can obtain other user commands on the same server.

hi buddies, i want to learn something,so that we have several users on a sun server and via telnet, we are connecting to server same username and password root/something as root and after connection i want to see what other roots or users are doing on the server, i want to see their command.... (2 Replies)
Discussion started by: nibiru78
2 Replies

5. Solaris

I want to know whole day commands executed by particular user

Hi all I want to know the commands executed a by particular user .. for the whole day on my machine. I have checked out with the commad $lastcomm <user> It is throwing an error called: .. /var/adm/pacct: No such file or directory Can u help me in this regard.. Thank U... (3 Replies)
Discussion started by: naree
3 Replies

6. Solaris

whole day commands executed by particular user

Hi all I want to know the commands executed a by particular user .. for the whole day on my machine. I have checked out with the commad $lastcomm <user> It is throwing an error called: .. /var/adm/pacct: No such file or directory Can u help me in this regard.. Thank U Naree (1 Reply)
Discussion started by: naree
1 Replies

7. UNIX for Advanced & Expert Users

Track user commands

Hi, I have a unix server and I am concerned about the security on that server. I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history. I was thinking about firing or... (7 Replies)
Discussion started by: mishkamima
7 Replies

8. UNIX for Dummies Questions & Answers

Commands to monitor other user's activity

What commands would you recommend in order to monitor things like when a user logs on to a server, assuming you know that user's name on the server? (2 Replies)
Discussion started by: Sotau
2 Replies

9. UNIX for Dummies Questions & Answers

user defined commands

Hi, i would like to create user defined commands. e,g: if an user executes , mkdircd test then a directory called test should be created and it should be cd to test. How i can create the command mkdircd with below action: mkdir $1 && cd $1. Please help me in achieving this (7 Replies)
Discussion started by: pandeesh
7 Replies

10. Shell Programming and Scripting

Reading ls -l output line by line awk the user name and su user to run commands

Using ksh on AIX what I am trying to do is to read the ls -l output from a file in a do while loop line by line. Extract the user name(3rd field) and the directory/file name(9th field) using awk and save them into variables. su -c to the user and change directory/file permisions to 777. Script I... (13 Replies)
Discussion started by: zubairom
13 Replies

LEARN ABOUT MOJAVE

git-shell

GIT-SHELL(1)                                                        Git Manual                                                        GIT-SHELL(1)

NAME

       git-shell - Restricted login shell for Git-only SSH access

SYNOPSIS

       chsh -s $(command -v git-shell) <user>
       git clone <user>@localhost:/path/to/repo.git
       ssh <user>@localhost

DESCRIPTION

       This is a login shell for SSH accounts to provide restricted Git access. It permits execution only of server-side Git commands implementing
       the pull/push functionality, plus custom commands present in a subdirectory named git-shell-commands in the user's home directory.

COMMANDS

       git shell accepts the following commands after the -c option:

       git receive-pack <argument>, git upload-pack <argument>, git upload-archive <argument>
           Call the corresponding server-side command to support the client's git push, git fetch, or git archive --remote request.

       cvs server
           Imitate a CVS server. See git-cvsserver(1).

       If a ~/git-shell-commands directory is present, git shell will also handle other, custom commands by running "git-shell-commands/<command>
       <arguments>" from the user's home directory.

INTERACTIVE USE

       By default, the commands above can be executed only with the -c option; the shell is not interactive.

       If a ~/git-shell-commands directory is present, git shell can also be run interactively (with no arguments). If a help command is present
       in the git-shell-commands directory, it is run to provide the user with an overview of allowed actions. Then a "git> " prompt is presented
       at which one can enter any of the commands from the git-shell-commands directory, or exit to close the connection.

       Generally this mode is used as an administrative interface to allow users to list repositories they have access to, create, delete, or
       rename repositories, or change repository descriptions and permissions.

       If a no-interactive-login command exists, then it is run and the interactive shell is aborted.

EXAMPLE

       To disable interactive logins, displaying a greeting instead:

           $ chsh -s /usr/bin/git-shell
           $ mkdir $HOME/git-shell-commands
           $ cat >$HOME/git-shell-commands/no-interactive-login <<EOF
           #!/bin/sh
           printf '%s
' "Hi $USER! You've successfully authenticated, but I do not"
           printf '%s
' "provide interactive shell access."
           exit 128
           EOF
           $ chmod +x $HOME/git-shell-commands/no-interactive-login

       To enable git-cvsserver access (which should generally have the no-interactive-login example above as a prerequisite, as creating the
       git-shell-commands directory allows interactive logins):

           $ cat >$HOME/git-shell-commands/cvs <<EOF
           if ! test $# = 1 && test "$1" = "server"
           then
                   echo >&2 "git-cvsserver only handles "server""
                   exit 1
           fi
           exec git cvsserver server
           EOF
           $ chmod +x $HOME/git-shell-commands/cvs

SEE ALSO

       ssh(1), git-daemon(1), contrib/git-shell-commands/README

GIT

       Part of the git(1) suite

Git 2.17.1                                                          10/05/2018                                                        GIT-SHELL(1)
All times are GMT -4. The time now is 10:27 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy