09-19-2002 06:30 AM
restricted shell and the command "cd"
09-19-2002 06:34 AM
Re: restricted shell and the command "cd"
One idea would be to use SUID (set UserID) on the wrapper so that when it calls cd it reports as a non-restricted user.
Rgds,
Jeff
09-19-2002 06:50 AM
Re: restricted shell and the command "cd"
cheers,
mark.
09-19-2002 10:45 AM
Re: restricted shell and the command "cd"
From man sh-posix, rsh restricts the following:
+ Changing directory (see the cd special command and cd(1))
+ Setting the value of SHELL, ENV, or PATH
+ Specifying path or command names containing /
+ Redirecting output (>, >|, <>, and >>)
The restrictions above are enforced after the .profile and ENV files are interpreted.
If it isn't necessary to restrict any of these, then don't use rsh.
If the user really needs to work in another directory, then a subshell (sh) can be invoked to permit the use of cd.
09-19-2002 10:48 AM
Re: restricted shell and the command "cd"
Correction, a normal subshell (sh) can be invoked from rsh only if rsh is not the login shell. However, csh works.
09-19-2002 11:11 AM
Re: restricted shell and the command "cd"
With restricted shells, "cd" only works from within "/etc/profile" and "$HOME/.profile", but stops working afterwards.
So *you* can "cd" that user into any directory you want, from within ".profile", but s/he cannot get away from there.
For that reason s/he should not have write permission for ".profile" nor "$HOME"!
HTH,
Wodisch
09-19-2002 11:14 AM
Re: restricted shell and the command "cd"
The sticky bit is not the same as SUID.
SUID in octal would be 4xxx (u=s) and would look like -rwsr--r--
whereas the sticky bit is octal 1xxx (u=t) & looks like rw-r--r-T
The difference is that SUID means set the owner of the process upon execution to the owner of the file. The passwd (/sbin/passwd) executable is a prime example because ONLY root can update the /etc/passwd file - but ANYONE can change their PW. This can only be so by use of SUID.
Sticky bit means save text image on file execution i.e. don't dump the text portion of the executable from memory when the program ends. It's a way for a frequently used executable (vi?) to load faster for the second & subsequent users. Has nothing to do with ownership.
HTH,
Jeff
09-19-2002 06:03 PM
Re: restricted shell and the command "cd"
"
10.3.1 Restricted Shell
The restricted shell is designed to put the user into an environment where his or her ability to move around and write files is severely limited. It's usually used for "guest" accounts. You can make a user's login shell restricted by putting rksh or ksh -r in the user's /etc/passwd entry.
The specific constraints imposed by the restricted shell disallow the user from doing the following:
- Changing working directories: cd is inoperative. If you try to use it, you will get the error message "ksh: cd: restricted".
- Redirecting output to a file: the redirectors >, >|, <>, and >> are not allowed.
- Assigning a new value to the environment variables SHELL, ENV, or PATH.
- Specifying any pathnames with slashes (/) in them. The shell will treat files outside of the current directory as "not found."
These restrictions go into effect after the user's .profile and environment files are run.
This means that the restricted shell user's entire environment is set up in .profile. Since the user can't overwrite that file, this lets the system administrator configure the environment as he or she sees fit.
Two common ways of setting up such environments are to set up a directory of "safe" commands and have that directory be the only one in PATH, and to set up a command menu from which the user can't escape without exiting the shell.
You may also look at:
http://nevada.tpi.pl/books/b022/ch10_03.htm
and
http://google.yahoo.com/bin/query?p=restrict+ls+in+rksh&hc=0&hs=0
Also look at this http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4b278f960573d611abdb0090277a778c,00.html link:
All the best.
Manoj Srivastava
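Added example (not part of the thread or of any poster's reply): a POSIX sh audit of the layout the replies above describe, covering Wodisch's point that the user must not be able to write ".profile" or "$HOME" and the quoted advice to keep a single "safe" directory in PATH. The function name `audit_rsh_account`, its arguments and the list of shell names are assumptions made for this illustration, and the PATH check is a line-based heuristic over .profile.

```shell
#!/bin/sh
# Added example: audit a restricted-shell account layout (hypothetical helper).
# Usage: audit_rsh_account HOME_DIR USER SAFE_BIN
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_rsh_account() {
    home=$1 user=$2 safe_bin=$3 findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. The user must not be able to rewrite $HOME or .profile.
    for p in "$home" "$home/.profile"; do
        [ -e "$p" ] || { flag "$p is missing"; continue; }
        [ -z "$(find "$p" -prune -user "$user" 2>/dev/null)" ] ||
            flag "$p is owned by $user"
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] ||
            flag "$p is group- or world-writable"
    done

    # 2. Every PATH assignment in .profile must name only the safe directory.
    paths=$(sed -n 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}PATH=//p' \
        "$home/.profile" 2>/dev/null | tr -d "\"'" | sed 's/[;[:space:]].*//')
    [ -n "$paths" ] || flag ".profile never sets PATH"
    for v in $paths; do
        [ "$v" = "$safe_bin" ] || flag ".profile sets PATH=$v, expected $safe_bin"
    done

    # 3. An unrestricted shell reachable through PATH undoes the restrictions.
    #    Matching is by file name only (assumed list); renamed copies are missed.
    for f in "$safe_bin"/*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            sh|csh|ksh|bash|tcsh|zsh) flag "$f is an unrestricted shell" ;;
        esac
    done

    [ "$findings" -eq 0 ]
}

# Run as a script: ./audit.sh /home/guest guest /usr/rbin   (constructed paths)
if [ "$#" -eq 3 ]; then audit_rsh_account "$@"; fi
```

USER may be a login name or a numeric UID, since find's -user accepts either.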