HPE Community
Operating System - Linux
1761318 Members
3345 Online
108901 Solutions
New Discussion юеВ

restricted shell access for user acct

 
SOLVED
Go to solution
Rick Garland
Honored Contributor

тАО05-19-2003 12:38 PM

тАО05-19-2003 12:38 PM

restricted shell access for user acct

Hi all:

RH Linux As 2.1 is the OS.

Got a user acct I have setup, need to restrinct access of this acct. Allow it to traverse down the directory it is restricted to - do not all it to come.

Any ideas?

Many thanks

0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

тАО05-19-2003 01:16 PM

тАО05-19-2003 01:16 PM

Solution

Re: restricted shell access for user acct

/sbin/nologin

As the SHELL in /etc/passwd will obviously preven login.

Perhaps the chroot command in the .bash_profile

I thought there was a restricted shell like in HP-UX but can't find it on my systems.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven E. Protter
Exalted Contributor

тАО05-19-2003 01:27 PM

тАО05-19-2003 01:27 PM

Re: restricted shell access for user acct

Or. PErhaps I could ACTUALLY do my homework.

http://www.europe.redhat.com/documentation/HOWTO/Adv-Bash-Scr-HOWTO/restricted-sh.php3

Shows shell scripting with restricted shell, I bet similar methodology works in the /etc/passwd file.

This link shows a non-bash restricted shell that can be installed and used..

http://www.redhat.com/archives/redhat-list/1999-June/msg02059.html

You know, I often forget to check it but you can learn how to do darn near anything at

http://www.tldp.org/

Right now the search on that site is hanging.

Go figure.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Stuart Browne
Honored Contributor

тАО05-19-2003 06:01 PM

тАО05-19-2003 06:01 PM

Re: restricted shell access for user acct

You can literally use "/bin/bash -r" in /etc/passwd.

This unfortunately doesn't stop the user from just re-running /bin/bash to get an un-restricted shell however.
One long-haired git at your service...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-20-2003 06:16 AM

тАО05-20-2003 06:16 AM

Re: restricted shell access for user acct

Stuart, couldn't he use some kind of chroot() command in the profile to prevent running the normal shell?

Or could he make a copy of the bash shell and restrict permissions on it, use this new users group to prevent re-running the shell?

I think so, I don't know the chroot command very well, but I know you could make a copy of the bash shell and keep that user from executing it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Stuart Browne
Honored Contributor

тАО05-20-2003 03:23 PM

тАО05-20-2003 03:23 PM

Re: restricted shell access for user acct

I guess it depends on what the user is supposed to do in the end.

The issue with 'chroot' is that it literally says "This is now my root directory". Meaning, unless a library is in memory etc. etc., they'll need populated lib,bin,etc (etc.) directories.

Not pretty. If they are just running a custom application, then it's possible. I suppose you could also just created hard-linked structures, but...
One long-haired git at your service...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.