Date: Tue, 6 Nov 2001 18:15:06 +0300 (EAT) From: <ksemat@wawa.eahd.or.ug> To: Sven Huster <sven.huster@mailsurf.com> Cc: <freebsd-isp@FreeBSD.ORG> Subject: Re: restrict shell access Message-ID: <Pine.LNX.4.33.0111061809540.2730-100000@sanyu1.sanyutel.com> In-Reply-To: <00f701c166b5$c6546d20$fe00fa0a@venus>
next in thread | previous in thread | raw e-mail | index | archive | help
Simple chroot I use: mkdir /usr/rbin chmod 0755 /usr/rbin Put commands you would like users to be able to execute in /usr/rbin edit /etc/skel/.profile put an explicit path in there: PATH = /usr/rbin That way all new users will get this by default. Create a symbolic link /usr/bin/rbash to /usr/local/bin/bash use this as the login shell for these users. And also remember to chflags noschg /home/$user/.profile so that the user will not be bale to edit his .profile and change the oath settings or even be able to delete it. not perfect but it works for me. The restricted bash shell prevents users form being able to explicitly specify commands with a leading slash and lots of other things. And because they are restricted to a certain directory, they cannot specify another shell on the command line. Noah. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0111061809540.2730-100000>