Date:      Wed, 12 Jan 2000 12:08:07 +0600
From:      Mojahedul Hoque Abul Hasanat <mojahed@citechco.net>
To:        FreeBSD-Questions@FreeBSD.ORG
Subject:   Re: Question about restricted shell account.
Message-ID:  <20000112120806.A379@mars.cosmos.net>
In-Reply-To: <4.2.0.58.20000110011322.00b318d0@mail.enterit.com>
References:  <Pine.BSF.4.10.10001101502570.75543-100000@iteso.mx> <20000110181654.1149.qmail@nwcst289.netaddress.usa.net> <Pine.BSF.4.10.10001101502570.75543-100000@iteso.mx> <20000111113354.B313@mars.cosmos.net> <4.2.0.58.20000110011322.00b318d0@mail.enterit.com>

On Mon, Jan 10, 2000 at 01:19:25AM -0500, Jim Conner wrote:
> >
> >A restricted shell will not prevent them from running another
> >shell (bash, tcsh, ...) or program like emacs and changing the
> >directory.
> 
> From what I understand about rksh and some others this is not
> entirely accurate.  rksh will only run what's in the PATH
> ...
> and place only the binaries you allow for that user to execute
> then you should be safe.

I agree with you here.

> [ snip ] 
> Essentially, this restricted shell is chroot'ed (as far as I
> understand a chroot to be) plus more restricted since the user
> can't cd.

Once you chroot, you cannot access anything outside the chroot
jail in any way.  But with only a restricted shell, you have to
be very careful about what you place in PATH.  You have to make sure
that no program can do a cd or run something outside PATH.  Even
a harmless vi can ruin your day.

So, you may still want to use chroot in addition to a restricted
shell.


-- 
Mojahed
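
An added example, not part of the original message: one way to check the point above, that every program in a restricted account's PATH has to be vetted. The function name and both program-name lists are assumptions chosen for illustration and are not exhaustive.

```shell
#!/bin/sh
# Audit a restricted account's PATH (colon-separated, passed as $1).
# Prints "FLAG <reason> <path>" per finding; returns non-zero if any.
# Both name lists are illustrative assumptions, not exhaustive.
SHELLS="sh csh tcsh bash ksh zsh"
ESCAPERS="vi ex view emacs more less man ftp"

# Print the reason a program name is risky, or nothing if it is not listed.
classify() {
    case " $SHELLS " in *" $1 "*) echo unrestricted-shell; return ;; esac
    case " $ESCAPERS " in *" $1 "*) echo shell-escape-capable ;; esac
}

audit_restricted_path() {
    findings=0
    old_ifs=$IFS; IFS=:
    set -- $1            # split PATH into one argument per directory
    IFS=$old_ifs
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Anyone can drop a new program into a world-writable PATH directory.
        if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
            echo "FLAG world-writable-dir $dir"
            findings=$((findings + 1))
        fi
        for f in "$dir"/*; do
            [ -x "$f" ] && [ ! -d "$f" ] || continue
            # Check the link target too: "edit" -> vi is still vi.
            real=$(readlink -f "$f" 2>/dev/null) || real=$f
            for n in "${f##*/}" "${real##*/}"; do
                reason=$(classify "$n")
                if [ -n "$reason" ]; then
                    echo "FLAG $reason $f"
                    findings=$((findings + 1))
                    break
                fi
            done
        done
    done
    [ "$findings" -eq 0 ]
}
```

A clean result only means nothing on the lists was found; it does not show that the remaining programs cannot change directory or run something outside PATH.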

