Operating System - Tru64 Unix

Scot McDavitt
New Member

Rsh "restricted shell"

I am looking for information related to using Rsh to lock down guest users. As I understand it, the shell should not allow the use of / in a path command, thus preventing the guest from viewing directories above the home directory that is assigned. I have set up a test user account and found that I can ls / and see all files in the root dir and also cat /etc/hosts. I am trying to prevent the guest from seeing this information. I have found very little documentation on Rsh. Am I missing a switch or not calling the shell correctly?
Ralf Puchner
Honored Contributor

Re: Rsh "restricted shell"

Be sure you are using Rsh, not rsh ;-)

The restricted shell allows you to ls other directories but disallows a move to that directory. It is restricted within the functionality.

To restrict access to specific directories, use ACLs. See man setacl, getacl for more; the Security Guide also has more information. You would also need to look at this a little closer; ACLs are usually placed on files and directories to further control access.

Other possibilities that affect access: File permissions, file ownership.
Help() { FirstReadManual(urgently); Go_to_it;; }
Scot McDavitt
New Member

Re: Rsh "restricted shell"

Thanks for the info. I am still looking for why it allows "/" in a string. According to the Rsh man pages it should not. Note 3rd bullet.

The restricted shell, Rsh, is used to set up login names and execution
environments whose capabilities are more controlled than those of the
standard shell. The actions of Rsh are identical to those of sh, except
that the following are not allowed:

· Changing directory (with the cd command)

· Setting the value of PATH or SHELL

· Specifying pathnames or command names containing /

· Redirecting output (with >
Michael Schulte zur Sur
Honored Contributor
Solution

Re: Rsh "restricted shell"

Hi,

I haven't found anything specific so far for Tru64 Unix, but here is something worthwhile reading:
http://newfdawg.com/SHP-RestShell
Can you explain what the user is to be allowed to do?

Michael
Scot McDavitt
New Member

Re: Rsh "restricted shell"

What I am doing is setting up a user account for a 3rd party vendor that will allow him to "grep, cat, & more" a report that I will be outputting to his home dir and a log file that will be copied to his home dir, and I just don't want him browsing around the system.
Scot McDavitt
New Member

Re: Rsh "restricted shell"

Michael,
I looked through the link you gave me and I have some changes that I made to the .profile for that user and it's looking good.
Thanks for your help.
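
The concern raised in this thread is that path arguments such as /etc/hosts still reach cat for the guest. The following is an added example, not code from any poster or from the linked article and not the .profile changes mentioned above: it builds wrappers for the allowed tools that refuse path arguments, plus a .profile that makes the wrapper directory the entire PATH. The function names, directory layout and wrapper approach are assumptions, written for a POSIX sh and not tested on Tru64.

```shell
#!/bin/sh
# Added example; names and layout are assumptions, not from the thread.

# Return 0 only if no argument names a path: nothing containing "/" and no
# bare "..". Side effect: grep patterns containing "/" are refused too.
args_confined() {
    for arg in "$@"; do
        case "$arg" in
            */*|..) return 1 ;;
        esac
    done
    return 0
}

# Create $1 and fill it with one wrapper per real tool given as an absolute
# path (for example /bin/cat). Each wrapper applies the args_confined check
# before handing control to the real tool.
build_guest_bin() {
    bindir=$1; shift
    mkdir -p "$bindir" || return 1
    for tool in "$@"; do
        wrapper=$bindir/${tool##*/}
        rm -f "$wrapper"
        cat > "$wrapper" <<EOF
#!/bin/sh
for arg in "\$@"; do
    case "\$arg" in
        */*|..) echo "\$0: path not permitted: \$arg" >&2; exit 1 ;;
    esac
done
exec "$tool" "\$@"
EOF
        chmod 555 "$wrapper"
    done
}

# Write a .profile that leaves the wrapper directory as the whole PATH.
# $1 = guest home directory, $2 = wrapper directory.
write_guest_profile() {
    printf 'PATH=%s\nexport PATH\n' "$2" > "$1/.profile"
    chmod 444 "$1/.profile"
}
```

The wrapper directory and .profile should be owned by root and not writable by the guest, and file permissions or ACLs on the rest of the system remain the actual access control.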