Re: Prevent accessing a shell ?

Aravind_3 · ‎09-30-2002

How do i prevent a standard user from accessing of
a xterm
a shell,
on a B2000 machine ?

I have a CDE environment.

Which parameters do i need to tune ?

Thanks
Aravind

U.SivaKumar_2 · ‎09-30-2002

Hi,
Iam not sure I undersood your question. You want to restrict a user from logging in. right ?

Put the user's default shell in /etc/passwd as
/dev/null instead of /bin/sh

regards,
U.SivaKumar

Innovations are made when conventions are broken

Aravind_3 · ‎09-30-2002

No...!

The user should be able to login.

But he should have an access only to the Application running on the server when he logs in and nothing else.

Hope it's clear

Christian Gebhardt · ‎09-30-2002

Hi

It's very difficult, because if a user have to log in to the machine the user needs a shel.

So one way is to restrict the user (restricted shell, no access to bin-directory or so)

another way is to forbid the direct connection to the machine and only allow connections via clients (e.g sqlplus to oracle)

a third way is to give the user the application as shell in /etc/passwd (if possible), so the user starts not a shell but the application

Christian

U.SivaKumar_2 · ‎09-30-2002

Hi,
Then have a look at this link
http://bizforums.itrc.hp.com/cm/QuestionAnswer/1,,0x13647d4cf554d611abdb0090277a778c,00.html

regards,
U.SivaKumar

Innovations are made when conventions are broken

BFA6 · ‎09-30-2002

Hi,

Instead of putting a shell in the passwd file, you could run the application from there, that way when they log in it will automatically run the application.
Or amend their .profile, so that it starts the application.

Regards,

Hilary

Balaji N · ‎10-01-2002

to login to a system you need to have a shell. if u want him to run a certain application, add this application as the shell in /etc/passwd.

hth
-balaji

Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.

harry d brown jr · ‎10-01-2002

in their profile have them exec the application. When the application terminates they get logged off.

live free or die
harry

Live Free or Die

Shannon Petry · ‎10-01-2002

It sounds like you want the users to have a full CDE session without the ability to use a shell.
This is not really possible by conventional means. Kind of like having windows and removing explorer. You can give them the impression that it's gone, but CDE requires a valid shell in order to launch.

Now, there is a hack method, which is to write scripts in place of the standard dtterm, xterm, and hpterm which act as a wrapper.
I.E.
mv /usr/bin/X11/xterm /usr/bin/X11/.xterm
touch /usr/bin/X11/xterm
chmod 4555 /usr/bin/X11/xterm
chown root:bin /usr/bin/X11/xterm
edit /usr/bin//X11/xterm to do something like...
#!/usr/bin/sh
ME=`/usr/bin/who am i`
BADUSR=/list/of/bad/users
if [ -f $BADUSR ] ; then
for USR in `cat $BADUSR` ; do
if [ "${ME}" = "${BADUSR}" ] ; then
exit 0
elif [ "${ME}x" = "x" ] ; then
echo "script broke"
else
/usr/bin/X11/.xterm $*
fi
done
else
echo "$BADUSR list does not exist"
#bypass list
/usr/bin/X11/.xterm $*
fi

Did not test it and it could have side effects. Just use caution!!!

Regards,
Shannon

Microsoft. When do you want a virus today?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Prevent accessing a shell ?

Prevent accessing a shell ?