HPE Community
Operating System - HP-UX
1833479 Members
2986 Online
110052 Solutions
New Discussion

ksh & rksh

 
Indrajit_1
Valued Contributor

‎02-12-2006 04:24 AM

‎02-12-2006 04:24 AM

ksh & rksh

Hi All;

What is major diffrence between ksh & rksh. If i chage the shell from rksh to ksh, what will be the security thread??

Cheers
Indrajit
Never Ever Give Up
0 Kudos
7 REPLIES 7
Steven E. Protter
Exalted Contributor

‎02-12-2006 05:15 AM

‎02-12-2006 05:15 AM

Re: ksh & rksh

Shalom Indrajit,

Congrats on your new ITRC hat. !!!!

Answers with better discussion than I can type at this hour.

http://www.in-ulm.de/~mascheck/various/shells/

http://www.scit.wlv.ac.uk/cgi-bin/mansec?1+ksh

http://bama.ua.edu/cgi-bin/man-cgi?ksh+1

The r stands for restricted, which severely limits what a user can do.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Shivam Tiwari
Honored Contributor

‎02-12-2006 06:44 AM

‎02-12-2006 06:44 AM

Re: ksh & rksh

Indrajit,

One more for better understanding

http://docs.sun.com/app/docs/doc/802-1930-01/6i5u959p8?a=view

HTH,

Shivam Tiwari
Never say No. Say I will Do it........
0 Kudos
Shivam Tiwari
Honored Contributor

‎02-12-2006 06:46 AM

‎02-12-2006 06:46 AM

Re: ksh & rksh

/usr/xpg4/bin/sh is identical to /usr/bin/ksh, a command and programming language that executes commands read from a terminal or a file. rksh is a restricted version of the command interpreter ksh; it is used to set up login names and execution environments whose capabilities are more controlled than those of the standard shell.

HTH,

Shivam Tiwari
Never say No. Say I will Do it........
0 Kudos
Bill Hassell
Honored Contributor

‎02-12-2006 11:57 AM

‎02-12-2006 11:57 AM

Re: ksh & rksh

If a user currently has rksh as their shell, it was done as a conscious decision to severely restrict what that user can do. I assume that you don't know the reason that rksh was given to certain users, but changing it to ksh can be a security risk (the users are obviously not senior Unix users) but it can also increase mistakes that can be made with the the full ksh shell. I would not change to ksh until the reason for the restriction is well understood. Naturally, the system administrator cannot use rksh (or any other restricted shell).


Bill Hassell, sysadmin
0 Kudos
Arunvijai_4
Honored Contributor

‎02-12-2006 03:14 PM

‎02-12-2006 03:14 PM

Re: ksh & rksh

Hi Indrajit,

"rksh" is a restricted shell. It differs from ksh in the following ways,

The following actions cannot be performed:

* Changing directories
* Setting the SHELL and PATH variables to new values
* Using command names or paths containing a /
* Redirecting output (> and >>)

You can refer, http://duplex.hypermart.net/books/bsd/283-285.html
for more information .

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Muthukumar_5
Honored Contributor

‎02-12-2006 05:36 PM

‎02-12-2006 05:36 PM

Re: ksh & rksh

See man ksh page. It is having an answer to your question as,

The actions of rksh are identical to those of ksh, except that the
following are forbidden:

+ Changing directory (see cd(1))
+ Setting the value of SHELL, ENV, or PATH
+ Specifying path or command names containing /
+ Redirecting output (>, >|, <>, and >>)

The restrictions above are enforced after the .profile and ENV files
are interpreted.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Indrajit_1
Valued Contributor

‎02-13-2006 04:30 AM

‎02-13-2006 04:30 AM

Re: ksh & rksh

Thanks to all


Cheers
indrajit
Never Ever Give Up
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.