
Rsh

 
SOLVED
Wagner Villela
Advisor

Rsh


I would like to know if it is possible to prevent a user who runs the restricted shell (rsh) from listing the contents of other directories via ls.

Thank you,

Wagner
MANOJ SRIVASTAVA
Honored Contributor

Re: Rsh

Hi Wagner


I don't think the user who uses rsh can go to other directories, so the user won't even be able to ls the files. However, if you are trying to set up restricted ftp, then maybe you can try man ftpd and set it up accordingly.



Manoj Srivastava
Wagner Villela
Advisor

Re: Rsh

I don't think the user who uses rsh can go to other directories, so the user won't be able to ls the files even.
Manoj Srivastava

-----------------

Dear Manoj

Yes, the users cannot move to other directories using "cd", but they can obtain a listing of files from the home directory ("/home/procempa", for example) just by executing "ls -l /restore" or "ls -lt /tmp".

I also think that this was not possible. I never used rsh and therefore I am a little disappointed.

Thank you
Wagner
MANOJ SRIVASTAVA
Honored Contributor

Re: Rsh

Hi Wagner,


I am so sorry, I see what you are pointing to. Let me do some scratching at the right place to get the answer.


Manoj srivastava
MANOJ SRIVASTAVA
Honored Contributor
Solution

Re: Rsh

Hi Wagner

Maybe this can help:

10.3.1 Restricted Shell
The restricted shell is designed to put the user into an environment where his or her ability to move around and write files is severely limited. It's usually used for "guest" accounts. You can make a user's login shell restricted by putting rksh or ksh -r in the user's /etc/passwd entry.

The specific constraints imposed by the restricted shell disallow the user from doing the following:

Changing working directories: cd is inoperative. If you try to use it, you will get the error message "ksh: cd: restricted".

Redirecting output to a file: the redirectors >, >|, <>, and >> are not allowed.

Assigning a new value to the environment variables SHELL, ENV, or PATH.

Specifying any pathnames with slashes (/) in them. The shell will treat files outside of the current directory as "not found."

These restrictions go into effect after the user's .profile and environment files are run.

This means that the restricted shell user's entire environment is set up in .profile. Since the user can't overwrite that file, this lets the system administrator configure the environment as he or she sees fit.

Two common ways of setting up such environments are to set up a directory of "safe" commands and have that directory be the only one in PATH, and to set up a command menu from which the user can't escape without exiting the shell.

You may also look at:
http://nevada.tpi.pl/books/b022/ch10_03.htm


and

http://google.yahoo.com/bin/query?p=restrict+ls+in+rksh&hc=0&hs=0

All the best.

Manoj Srivastava


Steven Sim Kok Leong
Honored Contributor

Re: Rsh

Hi,

Yes, you can list other directories even when you are in restricted shell mode (rsh).

In fact, I won't rely on rsh for security because the security measures can be easily overridden (even for cd operations) by simply executing another shell (sh or ksh etc) within rsh itself:

$ pwd
/home/ccesimkl
$ cd /
rsh: cd: The operation is not allowed in a restricted shell.
$ sh
$ cd /

Hope this helps. Regards.

Steven Sim Kok Leong
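
An added example, not part of any post in this thread: a POSIX sh audit for the "directory of safe commands" setup quoted above. It flags PATH entries that would let a restricted user start another shell, as Steven shows, or list arbitrary paths with ls, as Wagner found; the name lists and the finding labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit the command directories in a restricted-shell user's PATH.
# Assumption: both name lists are illustrative, not exhaustive. Matching is by
# file name only, so a shell copied or linked under another name is not caught.
ESCAPES="sh ksh rksh csh tcsh bash zsh vi ex ed more less man awk find env perl"
READERS="ls cat"   # the user picks the path argument, e.g. ls -l /tmp

audit_restricted_path() {   # $1 = PATH string; prints one finding per line
    old_ifs=$IFS
    IFS=:
    set -f                  # no globbing while the PATH string is split
    for dir in $1; do
        IFS=$old_ifs
        set +f
        case $dir in
            /bin|/usr/bin|/sbin|/usr/sbin)
                echo "SYSTEM_DIR $dir"; continue ;;
        esac
        if [ ! -d "$dir" ]; then continue; fi
        if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
            echo "WORLD_WRITABLE $dir"
        fi
        for f in "$dir"/*; do
            if [ -d "$f" ] || [ ! -x "$f" ]; then continue; fi
            for n in $ESCAPES; do
                if [ "${f##*/}" = "$n" ]; then echo "SHELL_ESCAPE $f"; fi
            done
            for n in $READERS; do
                if [ "${f##*/}" = "$n" ]; then echo "READS_ANY_PATH $f"; fi
            done
        done
    done
    IFS=$old_ifs
    set +f
    return 0
}

# Constructed sample: a "safe" command directory that still contains sh and ls.
demo=$(mktemp -d)
mkdir "$demo/rbin"
chmod 755 "$demo/rbin"
for c in date sh ls; do
    printf '#!/bin/sh\n' > "$demo/rbin/$c"
    chmod 755 "$demo/rbin/$c"
done
audit_restricted_path "$demo/rbin:/usr/bin"
rm -rf "$demo"
```

An empty result means no listed name was found; it does not show that the remaining commands are free of shell escapes.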