Rick Garland
Honored Contributor

restricted shell access for user acct

Hi all:

RH Linux AS 2.1 is the OS.

Got a user acct I have set up, need to restrict access of this acct. Allow it to traverse down the directory it is restricted to - do not allow it to come.

Any ideas?

Many thanks

Steven E. Protter
Exalted Contributor
Solution

Re: restricted shell access for user acct

/sbin/nologin

As the SHELL in /etc/passwd will obviously prevent login.

Perhaps the chroot command in the .bash_profile

I thought there was a restricted shell like in HP-UX but can't find it on my systems.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: restricted shell access for user acct

Or. Perhaps I could ACTUALLY do my homework.

http://www.europe.redhat.com/documentation/HOWTO/Adv-Bash-Scr-HOWTO/restricted-sh.php3

Shows shell scripting with restricted shell, I bet similar methodology works in the /etc/passwd file.

This link shows a non-bash restricted shell that can be installed and used.

http://www.redhat.com/archives/redhat-list/1999-June/msg02059.html

You know, I often forget to check it but you can learn how to do darn near anything at

http://www.tldp.org/

Right now the search on that site is hanging.

Go figure.

SEP

Stuart Browne
Honored Contributor

Re: restricted shell access for user acct

You can literally use "/bin/bash -r" in /etc/passwd.

This unfortunately doesn't stop the user from just re-running /bin/bash to get an un-restricted shell however.
One long-haired git at your service...
Steven E. Protter
Exalted Contributor

Re: restricted shell access for user acct

Stuart, couldn't he use some kind of chroot() command in the profile to prevent running the normal shell?

Or could he make a copy of the bash shell and restrict permissions on it, use this new users group to prevent re-running the shell?

I think so, I don't know the chroot command very well, but I know you could make a copy of the bash shell and keep that user from executing it.

SEP
Stuart Browne
Honored Contributor

Re: restricted shell access for user acct

I guess it depends on what the user is supposed to do in the end.

The issue with 'chroot' is that it literally says "This is now my root directory". Meaning, unless a library is in memory etc. etc., they'll need populated lib,bin,etc (etc.) directories.

Not pretty. If they are just running a custom application, then it's possible. I suppose you could also just create hard-linked structures, but...
One long-haired git at your service...
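
Added example (not part of any post in this thread): a sandboxed check of the `bash -r` behaviour discussed above. Restricted bash refuses `cd`, refuses command names containing a slash and makes PATH read-only, so whether an unrestricted shell can be started depends on whether one is reachable through PATH. The allowed-command directory, the function names and the choice of `ls`/`cat` are assumptions for illustration.

```shell
#!/bin/sh
# Added example. The allowed-command directory is a constructed sandbox made
# with mktemp; on a real system it would be a root-owned directory.

BASH_BIN=$(command -v bash)                       # absolute path of the real bash
WIDE_PATH="$(dirname "$BASH_BIN"):/usr/bin:/bin"  # ordinary PATH that contains bash

# Create a directory holding links to only the commands the account may run.
make_allowed_bin() {
    allowed=$(mktemp -d) || return 1
    for cmd in ls cat; do
        ln -s "$(command -v "$cmd")" "$allowed/$cmd" || return 1
    done
    printf '%s\n' "$allowed"
}

# Run command line $2 in restricted bash (-r) with PATH set to $1.
# Returns that command line's exit status; its output is discarded.
run_restricted() {
    env -i PATH="$1" "$BASH_BIN" -r -c "$2" >/dev/null 2>&1
}

# Print "allowed" or "blocked" for a command line under a given PATH.
verdict() {
    if run_restricted "$1" "$2"; then echo allowed; else echo blocked; fi
}

demo() {
    bin=$(make_allowed_bin) || return 1
    echo "wide PATH:   cd /                   $(verdict "$WIDE_PATH" 'cd /')"
    echo "wide PATH:   /bin/bash -c true      $(verdict "$WIDE_PATH" '/bin/bash -c true')"
    echo "wide PATH:   bash -c 'cd /'         $(verdict "$WIDE_PATH" 'bash -c "cd /"')"
    echo "narrow PATH: bash -c 'cd /'         $(verdict "$bin" 'bash -c "cd /"')"
    echo "narrow PATH: PATH=/bin; bash ...    $(verdict "$bin" 'PATH=/bin; bash -c true')"
    echo "narrow PATH: ls /                   $(verdict "$bin" 'ls /')"
    rm -rf "$bin"
}

demo
```

For a real account the narrow PATH would have to be set in a startup file the user cannot modify, and every command linked into the directory needs reviewing for its own ability to start a shell.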