Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Login questions
  • From: <ksemat@xxxxxxxxxxxxxxx>
  • Date: Thu, 7 Feb 2002 21:02:45 +0300 (EAT)
  • Message-id: <Pine.LNX.4.33.0202072057441.11578-100000@xxxxxxxxxxxxxxxxxxx>

> if you need a shell login, but want them jailed in their home-dir
> you can use rbash as login shell (restricted bash). but then you
> must take care, that the users find everything they need in their
> homedir because rbash chroots to that dir.

doesn't really unless you also restrict them to a certain path, otherwise a
bright user will simply type bash or csh or ksh and the shell will find
it in their path and execute it without all your nice restrictions.

A suggestion is this:

1. Set the shell to /usr/bin/rbash
2. Make a directory, say /usr/rbin, and put all commands the users may need
in there, or simply restrict them to /usr/bin
3. Edit /home/$user/.profile and put
   PATH=/usr/rbin (or whatever you've set it to)
and do
   chattr +i /home/$user/.profile
That way they cannot change their path, since rbash restricts it, and they
also will not be able to edit their .profile.

Of course there are many much better solutions but I found this the
easiest way.

Noah.
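
Added example, not part of Noah's message: a small audit script for the setup described in steps 1-3, which checks that the PATH set in a user's .profile exposes no unrestricted shell and that the file carries the immutable flag. The function names and the list of shell names are assumptions made for this illustration.

```sh
#!/bin/sh
# Constructed list of shell names to look for; extend it for your system.
SHELL_NAMES="sh bash csh tcsh ksh zsh dash ash"

# profile_path FILE: print the value of the last PATH= assignment in FILE.
profile_path() {
    sed -n 's/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}PATH=//p' "$1" |
        tail -n 1 | tr -d "\"'"
}

# find_shells_in_path VALUE: print every executable shell reachable via VALUE.
find_shells_in_path() (
    old_ifs=$IFS; IFS=:; set -f
    for dir in $1; do
        IFS=$old_ifs
        [ -n "$dir" ] || dir=.   # an empty element means the current directory
        for name in $SHELL_NAMES; do
            if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
            fi
        done
    done
)

# audit_profile FILE: return 0 only if FILE pins PATH to directories
# that contain none of the shells in SHELL_NAMES.
audit_profile() {
    path_value=$(profile_path "$1")
    if [ -z "$path_value" ]; then
        echo "FAIL: $1 sets no PATH"; return 1
    fi
    case $path_value in
        # A variable reference would pull in directories this audit cannot see.
        *'$'*) echo "FAIL: PATH references a variable: $path_value"; return 1 ;;
    esac
    found=$(find_shells_in_path "$path_value")
    if [ -n "$found" ]; then
        echo "FAIL: unrestricted shells reachable via PATH:"; echo "$found"; return 1
    fi
    echo "OK: no listed shell is reachable via PATH=$path_value"
}

# profile_is_immutable FILE: succeed if lsattr reports the 'i' flag (chattr +i).
profile_is_immutable() {
    lsattr "$1" 2>/dev/null | awk 'BEGIN { r = 1 } $1 ~ /i/ { r = 0 } END { exit r }'
}
```

Run as root, for example `audit_profile /home/$user/.profile && profile_is_immutable /home/$user/.profile`, after sourcing the functions.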

