03-18-2015
Well if you set /bin/false as the initial shell for a user of course he will not login. The point is that the user can connect to the server through this shell but not get to command line. And before you mention anything about restricted shells I also tried it with rksh and the user can still bypass his .profile and get command line.
Last edited by rbatte1; 03-18-2015 at 09:10 AM..
Reason: Spelling, capital letters and highlighting commands again.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
guys
i have a unix user (say "x") which is also an application owner ..thru this user i manage most (90 %) of my tasks related to application i.e application down/up,processes stop/start etc..in short i manage my "tuxedo" via this user..
now
i want a new user to be created (on my name) which... (7 Replies)
Discussion started by: abhijeetkul
7 Replies
2. AIX
Hi all,
I am currently trying to tell /bin/ksh to behave like a login shell. I am invoking it from an interactive shell. In the documentation is stated, that calling it with
exec ksh -
it should behave like a login shell, work 1st on /etc/profile, ~/.profile and so on.
I tried that with... (0 Replies)
Discussion started by: zaxxon
0 Replies
3. UNIX for Advanced & Expert Users
I am running a serverapplication on a HP-UX machine where I need to handle some of the commands as a specified user called "druser".
When I log on as this user with the command;
sudo -u druser -sit starts an instance of the shell as that user.
However, it doesn't load that users .profile from... (1 Reply)
Discussion started by: ukiome
1 Replies
4. AIX
How do I get a command like "ssh Theuser@host date" to execute the /home/Theuser/.profile before executing the "date" command? (5 Replies)
Discussion started by: IL-Malti
5 Replies
5. Shell Programming and Scripting
Hi Team,
Thank you for your time.
i have a situation where the user IDs of the applicatio users have been locked down to Read only.
Hence I am writing a script to invoke their old .profile every time they login.
My problem is : when i run . $userpath/.profile from within the ksh script... (9 Replies)
Discussion started by: anitha111
9 Replies
6. UNIX for Advanced & Expert Users
So my workplace uses websense to block certain websites. I read while researching firesheep, that you can somehow bypass that by creating a proxy, and thus:
#1 protect yourself from people using firesheep (if using unsecure hot-spot)
and
#2 or visit un-approved websites at work.
I... (1 Reply)
Discussion started by: zixzix01
1 Replies
7. Shell Programming and Scripting
The .profile file should be read when the user logs in. So, there should be no need to execute .profile file again in a cron job (since the cron job is run after the user logs in). Doesn't the cron require login from the user. Then, from where does the cron execute? Please help!! (1 Reply)
Discussion started by: thulasidharan2k
1 Replies
8. IP Networking
Hi!
My organization has put a Firewall which eat up a lot of important data access. So I came to know about SSH Tunneling to bypass the Firewall.
I will have to setup a free access SSH server to tunnel data access through PUTTY or OpenSSH.
The problem is that I don't know about any free... (1 Reply)
Discussion started by: nixhead
1 Replies
9. Solaris
Hi Guys,
I was studying RBAC and I gave a profile to a user . I have not seen anywhere that shows how to remove the profile from the users account. Can anyone show me how to remove a given profile from a users account?
Thanks alot guys. (2 Replies)
Discussion started by: cjashu
2 Replies
10. HP-UX
Hello,
Just wanting to know if it is possible. Also I am new to command line. I am running 5.1b, if that matters.
Thanks in advance (10 Replies)
Discussion started by: bcha
10 Replies
rsh(1M) System Administration Commands rsh(1M)
NAME
rsh, restricted_shell - restricted shell command interpreter
SYNOPSIS
/usr/lib/rsh [-acefhiknprstuvx] [argument...]
DESCRIPTION
rsh is a limiting version of the standard command interpreter sh, used to restrict logins to execution environments whose capabilities are
more controlled than those of sh (see sh(1) for complete description and usage).
When the shell is invoked, it scans the environment for the value of the environmental variable, SHELL. If it is found and rsh is the file
name part of its value, the shell becomes a restricted shell.
The actions of rsh are identical to those of sh, except that the following are disallowed:
o changing directory (see cd(1)),
o setting the value of $PATH,
o pecifying path or command names containing /,
o redirecting output (> and >>).
The restrictions above are enforced after .profile is interpreted.
A restricted shell can be invoked in one of the following ways:
1. rsh is the file name part of the last entry in the /etc/passwd file (see passwd(4));
2. the environment variable SHELL exists and rsh is the file name part of its value; the environment variable SHELL needs to be set in the
.login file;
3. the shell is invoked and rsh is the file name part of argument 0;
4. the shell is invoke with the -r option.
When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it. Thus, it is possible to provide to the end-
user shell procedures that have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme
assumes that the end-user does not have write and execute permissions in the same directory.
The net effect of these rules is that the writer of the .profile (see profile(4)) has complete control over user actions by performing
guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory).
The system administrator often sets up a directory of commands (that is, /usr/rbin) that can be safely invoked by a restricted shell. Some
systems also provide a restricted editor, red.
EXIT STATUS
Errors detected by the shell, such as syntax errors, cause the shell to return a non-zero exit status. If the shell is being used non-
interactively execution of the shell file is abandoned. Otherwise, the shell returns the exit status of the last command executed.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
intro(1), cd(1), login(1), rsh(1), sh(1), exec(2), passwd(4), profile(4), attributes(5)
NOTES
The restricted shell, /usr/lib/rsh, should not be confused with the remote shell, /usr/bin/rsh, which is documented in rsh(1).
SunOS 5.10 1 Nov 1993 rsh(1M)