Date: Fri, 30 Aug 2002 15:03:58 -0400
From: "C. A. Daelhousen" <cd9@buffalo.edu>
To: freebsd-questions@FreeBSD.ORG
Cc: Gerard Samuel <gsam@trini0.org>
Subject: Re: Restricting user
Message-ID: <20020830150358.A25578@selvirjin.buffalo.edu>
In-Reply-To: <20020830183418.A69753@gicco.cablecom.ch>; from hanspeter_roth@hotmail.com on Fri, Aug 30, 2002 at 06:34:18PM +0200
References: <3D6F9A15.5020308@trini0.org> <20020830183418.A69753@gicco.cablecom.ch>

On Fri, Aug 30, 2002 at 06:34:18PM +0200, Hanspeter Roth wrote:
>   On Aug 30 at 12:15, Gerard Samuel spoke:
>
> > I would like to restrict a user to their home directory.
> > jail seems to be just for processes.
> > What else is there that I can look at.
>
> Maybe a restricted shell such as bash -r.
>
> -Hanspeter
>

If you do this, be careful about the dotfiles that the shell reads when
it starts up.  A college I used to attend didn't remove
'PATH=${PATH}:${HOME}/bin' from one of those dotfiles--allowing any user
to write a shell script to give them an unrestricted shell.

~/bin/foo:
#!/bin/sh
exec /bin/csh

(Another lesson to be learned: don't make your policies so draconian
that people can't report what they find.)

--
..: Chad Daelhousen == cd9@buffalo.edu :.........: sig v3.1 :...
: Programming for 10 +/- 2 years (50 +/- 10% of a lifetime)    :
:.............Perl will be the first to implement mind reading.:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
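
One way to check for the dotfile problem described in the message above, as an added example that is not part of the original e-mail: the function lists PATH entries assigned in an sh-style startup file that fall inside the user's home directory or are relative. The function name, file arguments and home directory are assumptions made for illustration, and only PATH=... and export PATH=... lines are handled.

```sh
#!/bin/sh
# Added example (not from the original message): list PATH entries set by a
# shell startup file that a restricted user could drop scripts into.
# The function name and its arguments are hypothetical.

# risky_path_entries RCFILE HOMEDIR
#   Prints one line per risky PATH component assigned in RCFILE:
#   anything under HOMEDIR, or a relative/empty component.
#   Returns 0 if something risky was found, 1 if the file looks clean.
risky_path_entries() {
    rcfile=$1
    home=${2%/}
    found=1
    # Take the right-hand side of "PATH=..." / "export PATH=..." lines,
    # strip quotes, then expand ${HOME}, $HOME and a leading ~.
    values=$(sed -n -E \
        's/^[[:space:]]*(export[[:space:]]+)?PATH=([^;#[:space:]]*).*/\2/p' \
        "$rcfile" |
        tr -d "\"'" |
        sed -e "s|[\$]{HOME}|$home|g" -e "s|[\$]HOME|$home|g" \
            -e "s|^~|$home|" -e "s|:~|:$home|g")
    old_ifs=$IFS
    set -f                      # no globbing while splitting the value
    IFS=':
'                               # split on ':' and on newlines
    for entry in $values; do
        case $entry in
            '$PATH' | '${PATH}') ;;     # the inherited PATH, not a directory
            "$home" | "$home"/*)
                printf '%s: inside home directory\n' "$entry"
                found=0 ;;
            /*) ;;                      # absolute path outside the home
            *)
                printf '%s: relative or empty entry\n' "${entry:-(empty)}"
                found=0 ;;
        esac
    done
    IFS=$old_ifs
    set +f
    return $found
}
```

Call it as risky_path_entries FILE HOMEDIR for each startup file the restricted shell reads; a zero exit status means at least one entry needs attention.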