Well I think you are missing the point of the whole thread. These users existed on the system for a really long time and nobody has access to command line. NOBODY. They just login to the server and go straight to the application. They exit the application and their sessions is closed.
Recently we noticed that if a user uses
putty to connect to the server he can run a remote command to the server and call bash shell (which is not their default shell) with
--noprofile option. and in all these pages of the thread a lot of ideas came to the surface. In my previous posts I stressed the fact that I am trying to test what the people suggested in order to find out what suits my situation better, so creating a custom based version of bash obviously solves the specific problem but as you said and as
XrAy said you need to be alerted every time you make upgrade of bash shell in order to remove this option from it and I also said that if you enter some lines in
sshd_config file in order to force the execution of a specific command for a user or a group of users it works!
It doesn't work only for
ssh login, it works also when the user tries to
sftp or
scp. So I guess that there is a way after all to prevent a user do what he wants to do. After all this should be the way. If you are the administrator then you should force your way to the users because if you allow them do whatever they want they would eventually do some stupid things that will create a mess for you to handle.
Moderator's Comments:
|
|
Please consider people reading this thread.
For clarity, please use:-- capital letters to start sentences
- capital letter for first person singular, i.e. I
- Lower case for everything else, emphasising with underline (capitals are seen as shouting)
- good paragraphs to break up the post to logical sections, avoiding "... and another thing..."
- full words, not the way you speak, e.g. because instead of cause
- highlighting for commands/options or member names
It would make it much clearer to read than a single long unformatted paragraph.
If you make your needs and attempts clear then you are more likely to get better responses and this thread will be more useful to others in the future.
|
|