I would greatly appreciate it if anybody could shed some light on this subject.
For example I want users to login using ssh or ftp
and not be ABLE to leave their userdir
so they cannot view any directories outside of the /home/user
so they can't
cd /
ls
Sorry I am new to this type of thing and don't know how to "talk the talk"
Now I am thinking possibly chroot(jailing) maybe involved? Who knows *not me*?
I would like to thank all the folks who replied to this question and apprieciate your perspective on this issue. I would also like too thank all people who looked at and read this post.
You can disable telnet so that no one can use it (this will not effect things such as sendmail ) in /etc/inetd.conf by commenting out the entry and then sending a HUP to inetd.
Check out the man page for rsh (different from rsh - remote sh). Your system may be different but doing a find /usr/share/man -name "rsh*" you should see different files for rsh. I found it under man1m so I did a man -s1m rsh and got info on the restricted shell.
% man -s1m rsh
Maintenance Commands rsh(1M)
NAME
rsh, restricted_shell - restricted shell command interpreter
DESCRIPTION
rsh is a limiting version of the standard command inter-
preter sh, used to restrict logins to execution environments
whose capabilities are more controlled than those of sh (see
sh(1) for complete description and usage).
When the shell is invoked, it scans the environment for the
value of the environmental variable, SHELL. If it is found
and rsh is the file name part of its value, the shell
becomes a restricted shell.
The actions of rsh are identical to those of sh, except that
the following are disallowed:
changing directory (see cd(1)),
setting the value of $PATH,
specifying path or command names containing /,
redirecting output (> and >>).
RESTRICTED SHELL
If bash is started with the name rbash, or the -r option
is supplied at invocation, the shell becomes restricted.
A restricted shell is used to set up an environment more
controlled than the standard shell. It behaves identi-
cally to bash with the exception that the following are
disallowed or not performed:
o changing directories with cd
o setting or unsetting the values of SHELL, PATH,
ENV, or BASH_ENV
o specifying command names containing /
o specifying a file name containing a / as an argu-
ment to the . builtin command
o Specifying a filename containing a slash as an
argument to the -p option to the hash builtin com-
mand
o importing function definitions from the shell envi-
ronment at startup
o parsing the value of SHELLOPTS from the shell envi-
ronment at startup
o redirecting output using the >, >|, <>, >&, &>, and
>> redirection operators
o using the exec builtin command to replace the shell
with another command
o adding or deleting builtin commands with the -f and
-d options to the enable builtin command
o specifying the -p option to the command builtin
command
o turning off restricted mode with set +r or set +o
restricted.
These restrictions are enforced after any startup files
are read.
When a command that is found to be a shell script is exe-
cuted (see COMMAND EXECUTION above), rbash turns off any
restrictions in the shell spawned to execute the script.
Its great but it totally disable cd
need something that can let users play in the sandbox within the userdir including cding within there.
Disabling cd does not do anything useful. Instead of:
cd /etc
ls
cat passwd
a user can just do:
ls /etc
cat /etc/passwd
And there is nothing that can be done with the restricted shells to stop that sort of thing.
The only thing that you could do is to have a seperate chrooted environment for each user. It will be rough setting that up. Unix really is not intended to be operated like that.
I basically don't want users roaming around reading files of other users etc..
and the login class would be nowhere near SU so
chances of altering files is not a concern it is the
roaming of users that I know there has to be a nice answer?
edit:
restricted: cannot specify `/' in command names
obviously there are ways because tons of UNIX hosts do not allow users to run around all over the file sys.
Use permissions on directory levels and files in conjunction with group.
ie... we have everyone setup in the user group but in the user directory structure, /usr/users , the default for group and others is no access.
0 (zero)....
I want to host a website in India, after all my research I have found MilesWeb.com, I am planning to go for their shared plan http://www.milesweb.com/cpanel-hosting.php I have test their contact options and response time, they are really available 24/7. I have checked few other providers, they... (1 Reply)
Hi there
Well, it's my first time on this board, so short to myself:
I'm matibaski, working as a webdeveloper and also as a system administrator on ubuntu server machines.
The problem:
I created a small apache-hostingscript by myself and it works fine.
But after some addings and new... (1 Reply)
Discussion started by: matibaski
1 Replies
3. Post Here to Contact Site Administrators and Moderators
