02-22-2008 08:02 AM
Restrict getting to Shell
I'm dealing with an Application on our 11.23 (IA-64) system, that when a developer/user gets to a prompt within the Application to do things with code and such, all they have to do is type in a "!" and it exits them out to a shell. We want to prevent this if at all possible. They are a non-privileged user when they get out to a shell on the OS, but just the same, we want to restrict this if we can.
Is there any way to prevent them from doing this that anyone could think of? We have tried limiting this in sudo with the option of !SHELL, but it is not working.
Thanks in advance for any ideas anyone can provide!
KPS
02-22-2008 08:15 AM
Re: Restrict getting to Shell
Define the application (code file) as the program-to-use-as-the-shell (i.e. the last field) in '/etc/passwd'.
Regards!
...JRF...
02-22-2008 08:36 AM
Re: Restrict getting to Shell
The developer/user authenticates and gets put right into a wrapper program that we have that allows them to select an instance of the App.
With making that change to the /etc/passwd file, login doesn't even give them our wrapper script anymore.
/KPS
02-22-2008 08:40 AM
Re: Restrict getting to Shell
The developer/user authenticates and gets put right into a wrapper program that we have that allows them to select an instance of the App.
With making that change to /etc/passwd, it doesn't give them our wrapper script anymore to choose an instance of their preference within the Application.
/KPS
02-22-2008 10:33 AM
Re: Restrict getting to Shell
If the *APPLICATION* is allowing access to a shell, then the *APPLICATION* needs to be changed to not do so.
HP-Server-Literate since 1979
02-22-2008 10:53 AM
Re: Restrict getting to Shell
Create a shell wrapper that these application users would have as their shell in /etc/passwd. Let's say it is called app-sh. In it you put the following two lines:
export SHELL=/usr/bin/false
Test it and tweak as needed. You can also combine it with sudo if necessary. It works with vi: if you set the SHELL variable to /usr/bin/false and then run vi, you cannot escape to the shell.
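
A sketch of the app-sh wrapper idea from the reply above, as an added example that is not part of the original thread; APP_CMD, run_restricted and the two self-check functions are hypothetical names. It also shows the limit of the approach: an escape that starts $SHELL is stopped, while one that calls sh directly (as system() does) is not.

```sh
#!/bin/sh
# app-sh: login-shell wrapper for application users (added example).
# Assumption: APP_CMD is the full path of the site's own instance-selection
# wrapper; the thread does not name it, so it is left empty here.
APP_CMD=""

# Locate the "false" binary; the reply uses /usr/bin/false on HP-UX.
false_path() {
    for f in /usr/bin/false /bin/false; do
        if [ -x "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# Run a command with SHELL pointing at false, so that a "!" escape which
# starts "$SHELL" exits at once instead of giving the user a prompt.
run_restricted() {
    fp=$(false_path) || return 127
    ( SHELL=$fp; export SHELL; exec "$@" )
}

# Self-checks with constructed stand-ins for the application:
# one whose escape honours $SHELL, one that calls sh directly as system() does.
escape_honouring_shell() { run_restricted sh -c '"$SHELL" -c "echo ESCAPED"'; }
escape_via_system()      { run_restricted sh -c 'sh -c "echo ESCAPED"'; }

if [ -n "$APP_CMD" ]; then
    # As a login shell: hand over to the application; the session ends with it.
    run_restricted "$APP_CMD"
    exit $?
else
    # No application configured: report what the SHELL setting does and does not cover.
    [ -z "$(escape_honouring_shell)" ] && echo "escape via \$SHELL: blocked"
    [ -n "$(escape_via_system)" ] && echo "escape via sh: NOT blocked by SHELL alone"
fi
```

To use it, set APP_CMD inside the script and put the script's path in the last field of the user's /etc/passwd entry, as the replies describe.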
02-22-2008 02:47 PM
Re: Restrict getting to Shell
02-25-2008 07:50 AM
Re: Restrict getting to Shell
Many thanks to all of you for your suggestions.
/KPS