
Restricted Login

 
MARCONI SPA
Occasional Advisor

Restricted Login

I need to restrict a customer's telnet login to their own HOME directory and below. I have not been able to find documentation on this, so I wanted to know whether it is feasible and, if so, how. Thanks in advance.
Riccardo Bigoni
David Burgess
Esteemed Contributor

Re: Restricted Login

A restricted shell may help. It will keep the user in one directory.
Perhaps change the user's group ID to a unique one that can't read anything but their own files.

HTH,

Dave.
John Carr_2
Honored Contributor

Re: Restricted Login

steven Burgess_2
Honored Contributor

Re: Restricted Login

Hi

You need to give the user a restricted shell /usr/bin/rsh

via

useradd -m -s /usr/bin/rsh <user>

It gives

1. A user can't change dirs
2. Can't set env variables
3. Can't execute programs
4. I/O redirection is disabled

Have a look at man useradd for more info

Regards

Steve
take your time and think things through
Niraj Kumar Verma
Trusted Contributor

Re: Restricted Login

Hi,

I agree with Steven.

Do use rsh as the login shell.


-Niraj
Niraj.Verma@philips.com
MARCONI SPA
Occasional Advisor

Re: Restricted Login

Hi,

I don't agree.
It is impossible to use rsh (or rksh) because this shell disables cd.
In my question I need to use $HOME and the directories below it: $HOME/1, $HOME/pppppdd, etc.

Thanks.
Riccardo Bigoni
David Burgess
Esteemed Contributor

Re: Restricted Login

I don't think even chroot will help you.
I'm not sure it can be achieved.

Regards,

Dave.
Deepak Extross
Honored Contributor

Re: Restricted Login

I guess you'll have to rely on tight Unix permissions to do this - Create a new group and userid for this guy and make sure all other users/groups do not give access to "others" on any of their files/directories.
Of course your user will still be able to access places like /tmp which allow access to "others".
Geetha Alagappan
Regular Advisor

Re: Restricted Login

Bill Hassell
Honored Contributor

Re: Restricted Login

The only secure way to do this is to replace the shell with a menu program (note: program, not a shell script). If they are to be restricted to their own $HOME, they likely do not need all the shell and HP-UX commands, so let the menu handle their needs. Note that programs like vi have an escape to a shell, so make sure that if the menu program allows vi, the variable SHELL=/usr/bin/false has been set in the environment.


Bill Hassell, sysadmin
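
The two checks a menu program of the kind described above would need, as an added example that is not code from any poster in this thread: confirming that a requested path stays inside $HOME, and setting SHELL=/usr/bin/false before a child such as vi is started. The function names within_home and prepare_child_env are hypothetical, and the code assumes POSIX realpath() and putenv().

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Returns 1 if `path` resolves to `home` or to something beneath it,
 * 0 otherwise. Relative paths are taken relative to `home`.
 * realpath() collapses ".." and follows symlinks, so neither can be
 * used to step outside. The target must already exist. */
int within_home(const char *home, const char *path)
{
    char root[PATH_MAX], full[PATH_MAX], real[PATH_MAX];
    size_t n;

    if (home == NULL || path == NULL || realpath(home, root) == NULL)
        return 0;
    if (path[0] == '/')
        n = (size_t)snprintf(full, sizeof full, "%s", path);
    else
        n = (size_t)snprintf(full, sizeof full, "%s/%s", root, path);
    if (n >= sizeof full || realpath(full, real) == NULL)
        return 0;                 /* too long, or does not exist */
    n = strlen(root);
    if (n == 1)
        return 1;                 /* home is "/": everything is below it */
    /* The prefix must end on a component boundary, so that a home of
     * /home/bob does not admit /home/bobby. */
    return strncmp(real, root, n) == 0 &&
           (real[n] == '\0' || real[n] == '/');
}

/* Call before the menu starts any child (for example vi): SHELL is set
 * to /usr/bin/false, as the post advises, and the working directory is
 * moved to `home`. Returns 0 on success, -1 on failure. */
int prepare_child_env(const char *home)
{
    static char shell_var[] = "SHELL=/usr/bin/false";

    if (home == NULL || putenv(shell_var) != 0)
        return -1;
    return chdir(home) == 0 ? 0 : -1;
}
```

The menu would call within_home() on every path the user types (a directory to change to, a file to edit) and refuse anything that returns 0.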