Solved: Re: How to forbid the command ftp > ! /bin/ksh

Manceau · ‎01-28-2002

Hi,

I want to forbid /bin/ksh when a user is on ftp prompt.

What can I do ?

KJB

harry d brown jr · ‎01-28-2002

Manceau,

What OS are you running?

live free or die
harry

Live Free or Die

Bill Hassell · ‎01-28-2002

Using the ! to escape ftp is a server setting. On the server side, look at the ftp daemon configs to forbid shell escape (and perhaps the site and quote commands too).

Bill Hassell, sysadmin

harry d brown jr · ‎01-28-2002

In 11.x, I'm not sure you can, but maybe you want to look into using tftp if you can't trust your users? Plus you have the pipe commands, like ls -l "| more", where more allows you to "escape" to a shell.

live free or die
harry

Live Free or Die

S.K. Chan · ‎01-28-2002

You can try this ..

Set the SHELL variable to /bin/false in your user environment. That should restrict the use of all "!" command within ftp.

Steven Sim Kok Leong · ‎01-28-2002

Hi,

Remove /bin/ksh from /etc/shells will forbid a user with the login shell /bin/ksh from FTP'ing into the system.

Hope this helps. Regards.

Steven Sim Kok Leong

Christopher Caldwell · ‎01-28-2002

When they run
ftp > ! /bin/ksh

the shell is executed on the local host; thus ftpd server configs aren't in play:

man ftp

! [blah] Invoke a shell on the local host.

I suppose you can do things like restrict users from having a valid shell (/usr/bin/false, /usr/bin/ftponly), but those are generally server side configurations, and I'd have to wonder (if you limit them on the client side), how they got to the ftp command to begin with.

Manceau · ‎01-29-2002

Thank you for your help.

Philipe MANCEAU.

KJB