HPE Community
Operating System - HP-UX
1843887 Members
2795 Online
110225 Solutions
New Discussion

Re: Restict shell cannot use cd in owner directory

 
Valkiria Santos
Frequent Advisor

‎07-02-2003 10:37 AM

‎07-02-2003 10:37 AM

Restict shell cannot use cd in owner directory

Hi there,

I created a user wiht rsh shell. I wish the user could run a cd command inside a directory created by him


Thanks,
valkiria
0 Kudos
Reply
4 REPLIES 4
Shannon Petry
Honored Contributor

‎07-02-2003 10:40 AM

‎07-02-2003 10:40 AM

Re: Restict shell cannot use cd in owner directory

This will not happen, as the change directory commands are not allowd in rsh. Read the man pages on rsh for more information.

As my dad used to say, wish in one hand and s_it in the other, and watch which one fills first.


For most things Unix is very flexible. Restricted shell is however a security measure to keep users in jail, and has no flexibility to maintain it's jail.


Sincerely,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Chris Vail
Honored Contributor

‎07-02-2003 10:56 AM

‎07-02-2003 10:56 AM

Re: Restict shell cannot use cd in owner directory

You would have to put cd and other standard unix commands in the home directory, or some subdirectory of it.

This is the HUGEST disadvantage of the rsh or rksh. It means that each user has to have his/her own /bin, /sbin /usr/bin directories. With a lot of users, this becomes very difficult to maintain.

Chris
0 Kudos
Reply
Tim D Fulford
Honored Contributor

‎07-02-2003 10:58 AM

‎07-02-2003 10:58 AM

Re: Restict shell cannot use cd in owner directory

This is pritty much whar rsh does!!

Tim
-
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎07-02-2003 11:15 AM

‎07-02-2003 11:15 AM

Re: Restict shell cannot use cd in owner directory

Chris, you are obviously not very educated in shells, so Im going to teach you a bit.

Change directory is a shell internal command, not a command in /usr/bin or anywhere else. A person can sit in restricted shell all day long trying to set path statements, and it will still not change the fact that they cant use the cd command, or popd, pushd.

HP-UX does contain a "cd" command, but if you looked at it you would see that it's simply a pass through cheezy script, and why it was added is beyond me. Copying this to the users home would do as much as making a link, in this case absolutely nothing.

There are many reasons to use restricted shell, and keeping a personal bin directory is useless as it restricts more than just the cd command.

You may also want to pick up some basic shell books to learn the fundamental workings of shells. O'Reilly has an exceptional book on Korn shell, as well as Unix in a Nutshell which covers the basics of csh, sh, and ksh.

Sincerely,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.