HPE Community
Operating System - HP-UX
1855279 Members
5610 Online
104109 Solutions
New Discussion

Re: rksh or other restrictive shells?

 
SOLVED
Go to solution
Victor Prasad
Occasional Advisor

‎10-03-2002 09:57 AM

‎10-03-2002 09:57 AM

rksh or other restrictive shells?

Hello,

I have setup some users to go into a directory with rksh - yet they still have access to some of the applications in the path.

Here is the setup of the users in the passwd file:

+test::0:0:test test:/guest/file/output:/bin/rksh

In this directory there are files - but they cans still execute applications from the command line like 'tool'

i.e.

which tool
/usr/util/bin/tool

I want to prevent them from accessing 'tool' (or any other command line applications).

I still have to give the access to this directory - for ftp use and viewing files.

How would I do this? Or will rksh let me do this? Am I going about this the wrong way?

Any suggestions would be welcomed!

Thanks,

V
Why doesn't this work....?
0 Kudos
Reply
1 REPLY 1
Ted Ellis_2
Honored Contributor

‎10-03-2002 10:11 AM

‎10-03-2002 10:11 AM

Solution

Re: rksh or other restrictive shells?

take a look at the environment (env) after you log-in with this user... specifically the PATH variable. The restrictive shell will prevent the user from changing directories, but your normal PATH definitions will still be in effect, which gives them ways to escape the restrictive shell and execute commands normally.

Create a directory like /bin/secure.. or whatever you want...

now place symbolic links to the commands that this user will need and only this.
ie. ln -s /usr/bin/ftp /bin/secure/ftp

create or modify this users .profile and set PATH=/bin/secure and export this PATH variable

There will be other binaries that need links, but the list should be pretty short. A little trial and error and you will be left with a rksh environment that will only allow certain commands.

Ted

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.