Shell hosting


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Shell hosting
# 1  
Old 07-17-2002
Shell hosting

Hi, IMA nOOb;

I would greatly appreciate it if anybody could shed some light on this subject.

For example I want users to login using ssh or ftp

and not be ABLE to leave their userdir

so they cannot view any directories outside of the /home/user

so they can't

cd /
ls
Sorry I am new to this type of thing and don't know how to "talk the talk"

Now I am thinking possibly chroot(jailing) maybe involved? Who knows *not me*?

I would like to thank all the folks who replied to this question and apprieciate your perspective on this issue. I would also like too thank all people who looked at and read this post.
# 2  
Old 07-17-2002
You can disable telnet so that no one can use it (this will not effect things such as sendmail ) in /etc/inetd.conf by commenting out the entry and then sending a HUP to inetd.

Check out the man page for rsh (different from rsh - remote sh). Your system may be different but doing a find /usr/share/man -name "rsh*" you should see different files for rsh. I found it under man1m so I did a man -s1m rsh and got info on the restricted shell.

% man -s1m rsh

Maintenance Commands rsh(1M)

NAME
rsh, restricted_shell - restricted shell command interpreter

SYNOPSIS
/usr/lib/rsh [ -acefhiknprstuvx ] [ argument...]

DESCRIPTION
rsh is a limiting version of the standard command inter-
preter sh, used to restrict logins to execution environments
whose capabilities are more controlled than those of sh (see
sh(1) for complete description and usage).

When the shell is invoked, it scans the environment for the
value of the environmental variable, SHELL. If it is found
and rsh is the file name part of its value, the shell
becomes a restricted shell.

The actions of rsh are identical to those of sh, except that
the following are disallowed:
changing directory (see cd(1)),
setting the value of $PATH,
specifying path or command names containing /,
redirecting output (> and >>).
# 3  
Old 07-17-2002
Thanks for the reply RTM;


going on your keywords I ended up with rbash

man bash

Code:
RESTRICTED SHELL
       If bash is started with the name rbash, or the  -r  option
       is  supplied  at invocation, the shell becomes restricted.
       A restricted shell is used to set up an  environment  more
       controlled  than  the  standard shell.  It behaves identi-
       cally to bash with the exception that  the  following  are
       disallowed or not performed:
 
       o      changing directories with cd
 
       o      setting  or  unsetting  the  values of SHELL, PATH,
              ENV, or BASH_ENV
 
       o      specifying command names containing /
 
       o      specifying a file name containing a / as  an  argu-
              ment to the .  builtin command
 
       o      Specifying  a  filename  containing  a  slash as an
              argument to the -p option to the hash builtin  com-
              mand
 
       o      importing function definitions from the shell envi-
              ronment at startup
 
       o      parsing the value of SHELLOPTS from the shell envi-
              ronment at startup
 
       o      redirecting output using the >, >|, <>, >&, &>, and
              >> redirection operators
 
       o      using the exec builtin command to replace the shell
              with another command
 
       o      adding or deleting builtin commands with the -f and
              -d options to the enable builtin command
 
       o      specifying the -p option  to  the  command  builtin
              command
 
       o      turning  off  restricted mode with set +r or set +o
              restricted.
 
       These restrictions are enforced after  any  startup  files
       are read.
 
       When  a command that is found to be a shell script is exe-
       cuted (see COMMAND EXECUTION above), rbash turns  off  any
       restrictions in the shell spawned to execute the script.


Its great but it totally disable cd

need something that can let users play in the sandbox within the userdir including cding within there.


Anymore Ideas?
# 4  
Old 07-17-2002
Disabling cd does not do anything useful. Instead of:
cd /etc
ls
cat passwd
a user can just do:
ls /etc
cat /etc/passwd
And there is nothing that can be done with the restricted shells to stop that sort of thing.

The only thing that you could do is to have a seperate chrooted environment for each user. It will be rough setting that up. Unix really is not intended to be operated like that.
# 5  
Old 07-17-2002
I basically don't want users roaming around reading files of other users etc..

and the login class would be nowhere near SU so
chances of altering files is not a concern it is the
roaming of users that I know there has to be a nice answer?


edit:

restricted: cannot specify `/' in command names

obviously there are ways because tons of UNIX hosts do not allow users to run around all over the file sys.

something like suExec with apache?

Last edited by scuzoid; 07-17-2002 at 01:15 PM..
# 6  
Old 07-23-2002
Use permissions on directory levels and files in conjunction with group.

ie... we have everyone setup in the user group but in the user directory structure, /usr/users , the default for group and others is no access.
0 (zero)....
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

MilesWeb.com shared hosting or unlimited hosting plans?

I want to host a website in India, after all my research I have found MilesWeb.com, I am planning to go for their shared plan http://www.milesweb.com/cpanel-hosting.php I have test their contact options and response time, they are really available 24/7. I have checked few other providers, they... (1 Reply)
Discussion started by: Guruguy
1 Replies

2. Shell Programming and Scripting

Apache Hosting-Shell Script - external files include

Hi there Well, it's my first time on this board, so short to myself: I'm matibaski, working as a webdeveloper and also as a system administrator on ubuntu server machines. The problem: I created a small apache-hostingscript by myself and it works fine. But after some addings and new... (1 Reply)
Discussion started by: matibaski
1 Replies

3. Post Here to Contact Site Administrators and Moderators

Project hosting?

Hey admins!, Please can you consider hosting devel projects. A. (5 Replies)
Discussion started by: ASGR
5 Replies
Login or Register to Ask a Question