Date: Sat, 12 Mar 2005 05:44:22 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: doug@safeport.com
Cc: freebsd-questions@freebsd.org
Subject: Re: bash restricted shell
Message-ID: <20050312034422.GB48885@gothmog.gr>
In-Reply-To: <20050311191532.X8887@pemaquid.safeport.com>
References: <20050311191532.X8887@pemaquid.safeport.com>

On 2005-03-11 19:53, doug@safeport.com wrote:
> On a standard 4.11 install /usr/local/bin/bash = v2.04. rbash does not
> exist. So I added it as an sh script. This works okay in that normal
> things I tried do not break out. This is probably good enough for the
> users I would give this shell to. My question is basically: what is
> the "right" way to do this?

Create a /usr/local/bin/rbash script containing the following lines:

    #!/usr/local/bin/bash
    exec /usr/local/bin/bash --login --restricted "$@"

The initial #! line is necessary, in my opinion, because having it there
means you don't need to depend on the fact that shell scripts do accept
options on the #! line.

Set the permissions and owner of the new script and add it to /etc/shells:

    % chmod 0555 /usr/local/bin/rbash
    % chown root:wheel /usr/local/bin/rbash
    % echo '/usr/local/bin/rbash' >> /etc/shells

Then you should be able to use '/usr/local/bin/rbash' as the login shell
of a user and have the user restricted in the HOME directory.
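
An added example, not part of the original message: a small sh function that audits a wrapper installed with the steps above (mode 0555, owned by root, an absolute #! line, an exec line passing --restricted, and the path listed in /etc/shells). The function name and its parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an rbash wrapper installed as described in the message.
# check_rbash_wrapper WRAPPER SHELLS_FILE [OWNER_UID]   (hypothetical helper)
# Prints one line per problem; returns 0 when none are found, 1 otherwise.
check_rbash_wrapper() {
    wrapper=$1
    shells=$2
    want_uid=${3:-0}    # assumption: root (uid 0) owns it, as in the chown step
    rc=0

    if [ ! -f "$wrapper" ]; then
        echo "missing: $wrapper"
        return 1
    fi

    # "ls -ln" prints mode, link count, numeric uid, ...; keep the 10 mode
    # characters (drops any trailing ACL/SELinux marker) and the uid.
    set -- $(ls -ln "$wrapper" | awk '{ print substr($1, 1, 10), $3 }')
    if [ "$1" != "-r-xr-xr-x" ]; then
        echo "mode is $1, expected -r-xr-xr-x (0555)"
        rc=1
    fi
    if [ "$2" != "$want_uid" ]; then
        echo "owner uid is $2, expected $want_uid"
        rc=1
    fi

    # The script must start with an absolute-path #! line and exec bash
    # with --restricted, otherwise the login shell is not restricted at all.
    case $(head -n 1 "$wrapper") in
        '#!/'*) ;;
        *) echo "first line is not an absolute #! interpreter line"; rc=1 ;;
    esac
    if ! grep -Eq '^exec[[:space:]].*bash[[:space:]].*--restricted' "$wrapper"; then
        echo "no 'exec ... bash ... --restricted' line found"
        rc=1
    fi

    # Exact, whole-line match in the shells file.
    if ! grep -Fxq -- "$wrapper" "$shells"; then
        echo "$wrapper is not listed in $shells"
        rc=1
    fi
    return "$rc"
}

# Usage: sh check.sh /usr/local/bin/rbash /etc/shells
if [ "$#" -gt 0 ]; then check_rbash_wrapper "$@"; fi
```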