
customized shell

Zampo
Advisor

customized shell

Hi there!
I need to create a particular shell and assign it to a particular user (only one in the system) writing it in the /etc/passwd file.
This shell is allowed to execute only these commands:
ls -l
cd
cat
And nothing else. Is it possible?
Any idea?

Thank you
Vale et valete
ZAMPO
zampo
7 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: customized shell

Hi:

What you need to do is set up the user with a "restricted" shell ('rsh'). See the 'sh-posix' manpages under the section headed "rsh Restrictions":

http://docs.hp.com/en/B2355-60127/sh-posix.1.html

Regards!

...JRF...
Jeff_Traigle
Honored Contributor

Re: customized shell

You want to configure restricted shell (/usr/bin/rsh) for them. Been a long time since I played with it though and I see no man page for it in 11.11, unfortunately. I seem to recall it required copying whatever executables you wanted the restricted user to use into a location they could access.
--
Jeff Traigle
Jeff_Traigle
Honored Contributor

Re: customized shell

Ah... the man reference was somewhere obvious. :)
--
Jeff Traigle
A. Clay Stephenson
Acclaimed Contributor

Re: customized shell

rsh will not allow the cd command. I suppose my approach would be a small C program that parses stdin and exec()'s your 3 listed commands.
If it ain't broke, I can fix that.
Enrico Rossin
New Member
Solution

Re: customized shell

There are only a few settings that force a restricted shell user to stay in their restricted shell. If any of the steps to create a restricted user are in error or are later modified, the restricted user could gain access beyond what you are expecting. Since you have placed this user in a restricted shell, common sense says this is not a user you want snooping around your system. In order to understand the reason for these new settings, let's review the required steps for a restricted shell user:



1). The login shell listed in /etc/passwd is /usr/bin/rsh

2). The user's home directory must have permissions of 555

3). Create a bin directory in the user's home directory, also with permissions of 555

4). The user's .profile will have only one entry:

export PATH=/home/guest/bin

5). The permissions on the user's .profile will be 444 and owned by root/sys

6). Copy only the programs needed by the user to their bin directory

7). Add the user to the /etc/ftpd/ftpusers file

8). Restrict the user from other services using other configurable access control files
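
Because a later change to any of these settings weakens the restriction, the checklist is worth re-checking mechanically. The POSIX shell function below is an added example, not part of the reply above: it audits steps 1 to 6 for one user by reading the passwd entry and parsing "ls -ldn" output. The function name, its arguments and the generalisation of /home/guest/bin to the user's own home directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the restricted-shell checklist (steps 1-6).
# Usage: audit_restricted_user USER [PASSWD_FILE] [EXPECTED_PROFILE_UID]
# Prints one line per failed check; returns 0 only if every check passes.
# PASSWD_FILE and EXPECTED_PROFILE_UID (default 0 = root) are hypothetical
# parameters so the check can be pointed at a test tree.

mode_of() { ls -ldn "$1" 2>/dev/null | cut -c1-10; }      # e.g. dr-xr-xr-x
uid_of()  { ls -ldn "$1" 2>/dev/null | awk '{print $3}'; }

audit_restricted_user() {
    user=$1; passwd=${2:-/etc/passwd}; want_uid=${3:-0}; rc=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd")
    [ -n "$entry" ] || { echo "FAIL: $user not in $passwd"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)

    # Step 1: login shell is the restricted shell
    [ "$shell" = /usr/bin/rsh ] || { echo "FAIL: shell is $shell"; rc=1; }
    # Steps 2 and 3: home and bin are 555 (no write bit for anyone)
    for d in "$home" "$home/bin"; do
        [ "$(mode_of "$d")" = dr-xr-xr-x ] ||
            { echo "FAIL: $d is not a 555 directory"; rc=1; }
    done
    # Step 5: .profile is 444 and owned by the expected uid
    p=$home/.profile
    [ "$(mode_of "$p")" = -r--r--r-- ] || { echo "FAIL: $p is not mode 444"; rc=1; }
    [ "$(uid_of "$p")" = "$want_uid" ] ||
        { echo "FAIL: $p is not owned by uid $want_uid"; rc=1; }
    # Step 4: .profile has exactly one non-blank line, the PATH export
    lines=$(grep -c -v '^[[:space:]]*$' "$p" 2>/dev/null || true)
    if [ "$lines" != 1 ] || ! grep -qxF "export PATH=$home/bin" "$p"; then
        echo "FAIL: $p is not just 'export PATH=$home/bin'"; rc=1
    fi
    # Step 6: list what the user can actually run, for manual review
    echo "INFO: programs in $home/bin: $(ls "$home/bin" 2>/dev/null | tr '\n' ' ')"
    return $rc
}
```

Steps 7 and 8 depend on which services are enabled on the host, so they are left to a manual review.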
Bill Hassell
Honored Contributor

Re: customized shell

Actually, writing a small shell script with a simple menu will work. Your menu script will present the 3 (or more) commands in a list and if the command is not listed, the user has no access. Note that cd (unrestricted) may be too much of a privilege if this user is not well trained. Note that ls and cat can list any file from any directory where the user has permission. No need to cd. The restricted shell cannot cd outside the user's HOME directory.


Bill Hassell, sysadmin
Zampo
Advisor

Re: customized shell

Many thanks to everyone!!!


Vale et valete
ZAMPO
zampo