08-11-2017
How about using a "restricted shell"?
man bash:
Quote:
-r If the -r option is present, the shell becomes restricted (see RESTRICTED SHELL below).
Or, in your above "injection", did you consider
trapping the relevant signals?
9 More Discussions You Might Find Interesting
1. HP-UX
Dear All,
how to check the unix log file which mean how many(who) user has been log in the server for the day, when they log in & when they log out? (8 Replies)
Discussion started by: whl123
8 Replies
2. Solaris
Hi,
I'm new to solaris/ Unix and would like to know how to check in the system what
was the last login user were doing. Is there any way to check this? Thanks in advanced. (1 Reply)
Discussion started by: raziayub
1 Replies
3. UNIX for Dummies Questions & Answers
I m using linux os...and my friend using windows....we both having internet connection...Is there any possible to enter his system from my system using this internet connection..... (1 Reply)
Discussion started by: stalin2020
1 Replies
4. SCO
We have made numerous requests to our system administrator to add new employees at login screen ( passwords not required ) to no avail.
I can login into root but not sure how to proceed from there.
We have a 10 yr. old version of SCO
Can anyone help?
I know very few unix commands okay... (1 Reply)
Discussion started by: houseostyle
1 Replies
5. UNIX for Dummies Questions & Answers
What is the command to list all UNIX system login accounts?
What is the command to list all system password parameters for UNIX(minimum length, complexity,age, invalid lockout attempts, expiration date , user inactivity lockout) (1 Reply)
Discussion started by: ma466
1 Replies
6. Solaris
Hi,
I need to implement something that will enforce login to a Solaris server as a particular, specifed user. After this login stage, users will be able to "su -" to whichever user they wish, by which time their activity will be captured by some sort of script (yet to be written). What I need... (7 Replies)
Discussion started by: jamiegeo1
7 Replies
7. UNIX for Dummies Questions & Answers
Hello - Could anyone please explain what is login class in unix..? is it supported by Linux, AIX, HP-UX, Solaris?
Also how do we update this when a user is created? I looked into man pages for useradd/usermod and mkuser, but could not find any option to add/update login class for a user.
... (5 Replies)
Discussion started by: manju--
5 Replies
8. AIX
I have four AIX 6.1.7.4 systems freshly built and ready for our DBAs to do their work. Of the three one runs into an odd issue while logging in as himself, using Putty with ssh protocols. He logs in successfully, but also gets the following error message:
: 3004-300 You entered an invalid login... (2 Replies)
Discussion started by: Mike Brendan
2 Replies
9. UNIX and Linux Applications
Hello I install AT&T UNIX System V Release 4 Version 2.1 (3.5) on Emulator Bochs 2.6.8 here I done with all Base .img file upload after uploading 10 the base img file System take restart and after that System ask for console Login.
which is as root and password set by me.
But it will NOT allow... (7 Replies)
Discussion started by: Akshay Nalange
7 Replies
LEARN ABOUT SUNOS
restricted_shell
rsh(1M) System Administration Commands rsh(1M)
NAME
rsh, restricted_shell - restricted shell command interpreter
SYNOPSIS
/usr/lib/rsh [-acefhiknprstuvx] [argument...]
DESCRIPTION
rsh is a limiting version of the standard command interpreter sh, used to restrict logins to execution environments whose capabilities are
more controlled than those of sh (see sh(1) for complete description and usage).
When the shell is invoked, it scans the environment for the value of the environmental variable, SHELL. If it is found and rsh is the file
name part of its value, the shell becomes a restricted shell.
The actions of rsh are identical to those of sh, except that the following are disallowed:
o changing directory (see cd(1)),
o setting the value of $PATH,
o pecifying path or command names containing /,
o redirecting output (> and >>).
The restrictions above are enforced after .profile is interpreted.
A restricted shell can be invoked in one of the following ways:
1. rsh is the file name part of the last entry in the /etc/passwd file (see passwd(4));
2. the environment variable SHELL exists and rsh is the file name part of its value; the environment variable SHELL needs to be set in the
.login file;
3. the shell is invoked and rsh is the file name part of argument 0;
4. the shell is invoke with the -r option.
When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it. Thus, it is possible to provide to the end-
user shell procedures that have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme
assumes that the end-user does not have write and execute permissions in the same directory.
The net effect of these rules is that the writer of the .profile (see profile(4)) has complete control over user actions by performing
guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory).
The system administrator often sets up a directory of commands (that is, /usr/rbin) that can be safely invoked by a restricted shell. Some
systems also provide a restricted editor, red.
EXIT STATUS
Errors detected by the shell, such as syntax errors, cause the shell to return a non-zero exit status. If the shell is being used non-
interactively execution of the shell file is abandoned. Otherwise, the shell returns the exit status of the last command executed.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
intro(1), cd(1), login(1), rsh(1), sh(1), exec(2), passwd(4), profile(4), attributes(5)
NOTES
The restricted shell, /usr/lib/rsh, should not be confused with the remote shell, /usr/bin/rsh, which is documented in rsh(1).
SunOS 5.10 1 Nov 1993 rsh(1M)