Re: Restricted Bash - Not so restrictive (in 4.2 as well)
From: Chet Ramey
Subject: Re: Restricted Bash - Not so restrictive (in 4.2 as well)
Date: Wed, 11 Jan 2012 08:58:56 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0) Gecko/20111105 Thunderbird/8.0

On 1/11/12 6:12 AM, Jonathan Nieder wrote:
> Hi,
>
> Sarnath K - ERS, HCLTech wrote:
>
>> I see this problem in the latest Bash 4.2 as well. Say, I invoke
>> "rbash" or "bash -r". This leaves me in a restrictive shell.
>> However, this restrictive shell allows me to run "bash" or any other
>> shell (without execing - just simply run) which leaves me in a
>> normal shell.
>
> Typically rbash is used with a nonstandard PATH setting to give users
> access to a restricted set of commands.

The restricted shell is only one of several components of a restricted
environment. Two others are a (readonly) value of $PATH that includes
only the directory Jonathan mentioned (typically /usr/rbin) and not
giving users write access to their home directory. A readonly .profile
in a readonly home directory sets up the desired $PATH and leaves the
user in some other scratch directory to which he has write access. When
I set this kind of thing up about 25 years ago, we used ~/work.

It's appropriate for the bash man page to describe the bash behavior
when run in restricted mode. That's not the place for a tutorial on
how to set up a restricted environment.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
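
The components listed in the message above (a $PATH limited to one directory, a read-only home and .profile, a writable scratch directory) can be checked with a short audit script. This is an added example, not part of the original thread: the user name, home directory and PATH directory are arguments supplied by the caller, the scratch directory is assumed to be `work` under the home directory as in the message, and the finding labels are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the components of a restricted
# environment that the message lists. All arguments are supplied by the caller.

# Succeeds if USER ($1) can write PATH ($2), judged from owner and mode bits.
# Group-write counts as writable (conservative); ACLs are not examined.
user_can_write() {
    ls -ld -- "$2" | awk -v u="$1" '{
        exit !(($3 == u && substr($1, 3, 1) == "w") ||
               substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w") }'
}

is_shell() {
    case $1 in sh|bash|dash|ksh|zsh|csh|tcsh) return 0 ;; esac
    return 1
}

finding() { printf '%s: %s\n' "$1" "$2"; rc=1; }

# audit_restricted_env USER HOME RBIN
# Prints one finding per line; returns 0 only if nothing was found.
audit_restricted_env() {
    rc=0
    if [ -d "$2" ] && user_can_write "$1" "$2"; then
        finding home-writable "$2"
    fi
    if [ ! -f "$2/.profile" ]; then
        finding profile-missing "$2/.profile"
    else
        if user_can_write "$1" "$2/.profile"; then
            finding profile-writable "$2/.profile"
        fi
        # The profile must set PATH to exactly the restricted directory.
        grep -Fxq -e "PATH=$3" -e "export PATH=$3" -e "readonly PATH=$3" \
            "$2/.profile" || finding path-not-restricted "$2/.profile"
    fi
    # The scratch directory (~/work in the message) is the only writable place.
    if [ ! -d "$2/work" ] || ! user_can_write "$1" "$2/work"; then
        finding scratch-missing "$2/work"
    fi
    # A shell reachable through PATH is the escape described in the thread.
    for f in "$3"/*; do
        [ -e "$f" ] || continue
        if is_shell "${f##*/}" || is_shell "$(basename "$(readlink -f "$f")")"; then
            finding shell-in-path "$f"
        fi
    done
    return "$rc"
}
```

Symlinks in the PATH directory are resolved before the name check, so a shell linked in under another name is still reported.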