bug-bash

Re: Restricted Bash - Not so restrictive (in 4.2 as well)


From: Chet Ramey
Subject: Re: Restricted Bash - Not so restrictive (in 4.2 as well)
Date: Wed, 11 Jan 2012 08:58:56 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0) Gecko/20111105 Thunderbird/8.0

On 1/11/12 6:12 AM, Jonathan Nieder wrote:
> Hi,
> 
> Sarnath K - ERS, HCLTech wrote:
> 
>> I see this problem in the latest Bash 4.2 as well. Say, I invoke
>> "rbash" or "bash -r". This leaves me in a restrictive shell.
>> However, this restrictive shell allows me to run "bash" or any other
>> shell (without execing - just simply run) which leaves me in a
>> normal shell.
> 
> Typically rbash is used with a nonstandard PATH setting to give users
> access to a restricted set of commands.

The restricted shell is only one of several components of a restricted
environment.  Two others are a (readonly) value of $PATH that includes
only the directory Jonathan mentioned (typically /usr/rbin) and not
giving users write access to their home directory.  A readonly .profile
in a readonly home directory sets up the desired $PATH and leaves the
user in some other scratch directory to which he has write access.  When
I set this kind of thing up about 25 years ago, we used ~/work.

It's appropriate for the bash man page to describe the bash behavior
when run in restricted mode.  That's not the place for a tutorial on
how to set up a restricted environment.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/
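
The layout described in the message above (readonly $PATH pointing at one command directory, readonly .profile in a readonly home, a writable scratch directory) can be audited mechanically. The following is an added example, not part of the original message or of bash; the function names, the list of shell names and the text checks on .profile are assumptions, and any write bit is treated as a finding, which is stricter than needed when root owns the files.

```shell
# Added example: audit a restricted-shell account layout (not from the original post).
# Assumption: scratch directory is HOME/work; the command directory is passed as $2.
has_write_bit() {
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

audit_restricted_env() (
    home=$1 rbin=$2 profile=$1/.profile findings=0
    finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Home directory and .profile must carry no write bits.
    if has_write_bit "$home"; then finding "$home is writable"; fi
    if [ ! -f "$profile" ]; then
        finding "$profile is missing"
    else
        if has_write_bit "$profile"; then finding "$profile is writable"; fi
        # Simple text check: the last PATH= assignment must be exactly the command directory.
        path_value=$(sed -n 's/^.*PATH=\([^[:space:];]*\).*$/\1/p' "$profile" | tail -n 1 | tr -d "\"'")
        if [ "$path_value" != "$rbin" ]; then finding "PATH is '$path_value', expected '$rbin'"; fi
        # PATH must be marked readonly so the user cannot reset it.
        if ! grep -Eq '^[[:space:]]*(readonly|declare -r|typeset -r)[[:space:]]+PATH([=[:space:]]|$)' "$profile"; then
            finding "PATH is not readonly in $profile"
        fi
    fi

    # Scratch directory: the one place the user is meant to write.
    if [ ! -d "$home/work" ] || ! has_write_bit "$home/work"; then
        finding "$home/work is missing or not writable"
    fi

    # The command directory must not offer an unrestricted shell, by name or via symlink.
    for entry in "$rbin"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        target=$(readlink "$entry" 2>/dev/null || echo "$entry")
        for name in "${entry##*/}" "${target##*/}"; do
            case $name in
                sh|bash|dash|ksh|zsh|csh|tcsh)
                    finding "$entry provides shell '$name'"; break ;;
            esac
        done
    done
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was found
)

if [ "$#" -ge 2 ]; then audit_restricted_env "$1" "$2"; fi
```

Run as a script with the account's home directory and command directory as arguments; each problem is printed as a FINDING line and the exit status is non-zero if any were found.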


