Operating System - HP-UX

Prevent accessing a shell ?

 
Aravind_3
Frequent Advisor

Prevent accessing a shell ?

How do I prevent a standard user from accessing an xterm or a shell on a B2000 machine?

I have a CDE environment.

Which parameters do I need to tune?

Thanks
Aravind

8 REPLIES
U.SivaKumar_2
Honored Contributor

Re: Prevent accessing a shell ?

Hi,
I am not sure I understood your question. You want to restrict a user from logging in, right?

Put the user's default shell in /etc/passwd as
/dev/null instead of /bin/sh

regards,
U.SivaKumar
Innovations are made when conventions are broken
Aravind_3
Frequent Advisor

Re: Prevent accessing a shell ?

No...!

The user should be able to login.

But he should have access only to the application running on the server when he logs in, and nothing else.


Hope it's clear

Christian Gebhardt
Honored Contributor

Re: Prevent accessing a shell ?

Hi

It's very difficult, because if a user has to log in to the machine, the user needs a shell.

So one way is to restrict the user (restricted shell, no access to bin-directory or so).

Another way is to forbid the direct connection to the machine and only allow connections via clients (e.g. sqlplus to Oracle).

A third way is to give the user the application as shell in /etc/passwd (if possible), so the user starts not a shell but the application.

Christian
U.SivaKumar_2
Honored Contributor

Re: Prevent accessing a shell ?

Hi,
Then have a look at this link
http://bizforums.itrc.hp.com/cm/QuestionAnswer/1,,0x13647d4cf554d611abdb0090277a778c,00.html

regards,
U.SivaKumar

Innovations are made when conventions are broken
BFA6
Respected Contributor

Re: Prevent accessing a shell ?

Hi,

Instead of putting a shell in the passwd file, you could run the application from there, that way when they log in it will automatically run the application.
Or amend their .profile, so that it starts the application.

Regards,

Hilary
Balaji N
Honored Contributor

Re: Prevent accessing a shell ?

To log in to a system you need to have a shell. If you want him to run a certain application, add this application as the shell in /etc/passwd.

hth
-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
harry d brown jr
Honored Contributor

Re: Prevent accessing a shell ?


In their profile, have them exec the application. When the application terminates they get logged off.

live free or die
harry
Live Free or Die
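
The approaches in the replies above (the application as the shell field in /etc/passwd, or an exec from the profile), as an added example that is not part of any reply: a small wrapper that refuses command arguments, fails closed when the application is missing, and execs the application so that its exit ends the session. The path in APP and the install name app-login are hypothetical placeholders.

```shell
#!/usr/bin/sh
# Added example: wrapper to list as the account's shell in /etc/passwd.
# APP and the install name "app-login" are hypothetical placeholders.
APP=/opt/app/bin/app

# Start the application with no way back to a command prompt.
# $1 = application path, remaining args = whatever login/remsh/su passed.
run_locked() {
    app=$1
    shift
    # A plain login passes no arguments. "-c command" (remsh, su -c) would
    # let the caller choose what runs, so refuse anything extra.
    if [ $# -ne 0 ]; then
        echo "interactive login only" >&2
        return 2
    fi
    # Fail closed if the application is missing: never fall through to a shell.
    if [ ! -f "$app" ] || [ ! -x "$app" ]; then
        echo "application unavailable" >&2
        return 3
    fi
    # Ignore interrupt and quit so the start-up cannot be broken out of.
    # Ignored signals stay ignored across exec, so the application
    # inherits this setting.
    trap '' INT QUIT
    # Fixed environment: known PATH, no start-up file for child shells, and
    # a SHELL that ends at once for programs that honour it in a shell escape.
    PATH=/usr/bin
    SHELL=/usr/bin/false
    export PATH SHELL
    unset ENV
    # exec replaces this process, so when the application exits the session ends.
    exec "$app"
}

# Run only when installed under the hypothetical name, e.g. in /etc/passwd:
#   user:*:1001:20::/home/user:/usr/local/bin/app-login
case ${0##*/} in
    app-login|-app-login)
        run_locked "$APP" "$@"
        exit $?
        ;;
esac
```

Setting SHELL only affects programs that consult it; an application that starts /usr/bin/sh by name, or offers its own file browser or editor, still needs to be reviewed for escapes.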
Shannon Petry
Honored Contributor

Re: Prevent accessing a shell ?

It sounds like you want the users to have a full CDE session without the ability to use a shell.
This is not really possible by conventional means. Kind of like having Windows and removing Explorer. You can give them the impression that it's gone, but CDE requires a valid shell in order to launch.

Now, there is a hack method, which is to write scripts in place of the standard dtterm, xterm, and hpterm which act as a wrapper.
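I.E.
mv /usr/bin/X11/xterm /usr/bin/X11/.xterm
touch /usr/bin/X11/xterm
# no setuid bit (was 4555): the wrapper needs no privileges, the real .xterm keeps its own mode
chmod 555 /usr/bin/X11/xterm
chown root:bin /usr/bin/X11/xterm
edit /usr/bin/X11/xterm to do something like...
#!/usr/bin/sh
# Wrapper installed in place of xterm; the real binary is /usr/bin/X11/.xterm
# "who am i" prints a whole line (user, tty, date); keep only the user name
ME=`/usr/bin/who am i | awk '{print $1}'`
BADUSR=/list/of/bad/users
# no user name could be determined: do not start a terminal
if [ "${ME}x" = "x" ] ; then
    echo "script broke"
    exit 1
fi
if [ -f $BADUSR ] ; then
    for USR in `cat $BADUSR` ; do
        # compare against each listed user, not against the list's file name
        if [ "${ME}" = "${USR}" ] ; then
            exit 0
        fi
    done
else
    echo "$BADUSR list does not exist"
    #bypass list
fi
# start the real xterm once, after the whole list has been checked
exec /usr/bin/X11/.xterm "$@"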

Did not test it and it could have side effects. Just use caution!!!

Regards,
Shannon
Microsoft. When do you want a virus today?