HPE Community
Operating System - HP-UX
1825954 Members
2524 Online
109690 Solutions
New Discussion

How to forbid the command ftp > ! /bin/ksh

 
SOLVED
Go to solution
Manceau
Frequent Advisor

‎01-28-2002 09:24 AM

‎01-28-2002 09:24 AM

How to forbid the command ftp > ! /bin/ksh

Hi,

I want to forbid /bin/ksh when a user is on ftp prompt.

What can I do ?

KJB
0 Kudos
Reply
7 REPLIES 7
harry d brown jr
Honored Contributor

‎01-28-2002 09:28 AM

‎01-28-2002 09:28 AM

Re: How to forbid the command ftp > ! /bin/ksh

Manceau,

What OS are you running?

live free or die
harry
Live Free or Die
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-28-2002 09:34 AM

‎01-28-2002 09:34 AM

Re: How to forbid the command ftp > ! /bin/ksh

Using the ! to escape ftp is a server setting. On the server side, look at the ftp daemon configs to forbid shell escape (and perhaps the site and quote commands too).


Bill Hassell, sysadmin
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎01-28-2002 09:47 AM

‎01-28-2002 09:47 AM

Re: How to forbid the command ftp > ! /bin/ksh


In 11.x, I'm not sure you can, but maybe you want to look into using tftp if you can't trust your users? Plus you have the pipe commands, like ls -l "| more", where more allows you to "escape" to a shell.

live free or die
harry
Live Free or Die
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎01-28-2002 09:57 AM

‎01-28-2002 09:57 AM

Solution

Re: How to forbid the command ftp > ! /bin/ksh

You can try this ..

Set the SHELL variable to /bin/false in your user environment. That should restrict the use of all "!" command within ftp.
Reply
Steven Sim Kok Leong
Honored Contributor

‎01-28-2002 10:32 AM

‎01-28-2002 10:32 AM

Re: How to forbid the command ftp > ! /bin/ksh

Hi,

Remove /bin/ksh from /etc/shells will forbid a user with the login shell /bin/ksh from FTP'ing into the system.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

‎01-28-2002 11:55 AM

‎01-28-2002 11:55 AM

Re: How to forbid the command ftp > ! /bin/ksh


When they run
ftp > ! /bin/ksh

the shell is executed on the local host; thus ftpd server configs aren't in play:

man ftp


! [blah] Invoke a shell on the local host.

I suppose you can do things like restrict users from having a valid shell (/usr/bin/false, /usr/bin/ftponly), but those are generally server side configurations, and I'd have to wonder (if you limit them on the client side), how they got to the ftp command to begin with.
0 Kudos
Reply
Manceau
Frequent Advisor

‎01-29-2002 05:40 AM

‎01-29-2002 05:40 AM

Re: How to forbid the command ftp > ! /bin/ksh

Thank you for your help.

Philipe MANCEAU.
KJB
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.