Hi to all again, thanks for all the ideas! What I did in the end is a mix of some things you guys said:

1.- Created a .bashrc file with a logout on the first line for all users (just one)
2.- Changed shell to bash for all these users.
3.- chown root .bashrc
4.- chmod 555 .bashrc

And there you go! Do you find a hole in that? Regards.

Ben Yau wrote:
-----Original Message-----
From: Sven 'Darkman' Michels [mailto:sven@darkman.de]
Ben Yau wrote:
Another thing to try is put "logout" at the beginning of ~/.bash_login. Upon ssh login it will run the .bash_login and log them out. On sftp, it won't run ~/.bash_login so they can still sftp
ssh user@remote.sftp.server rm .bash_login
;)
Ruin my day .. go ahead :)
I started thinking of another solution (along the lines of alias rm='logout') when I realized that a smart user could just sftp and put in a new ~/.bash_profile.
Provided they were clever enough to figure out how you auto logged them out. ...
Depends on what's acceptable at your place. You could give the person (people) a home dir that is owned by root, and all files in the home dir owned by root, with perms of 555 (basically a shell home, just enough to make whatever you need work); then you could set things up that way. It seems to me there should be a more elegant way, but my point is you should be able to make the above work. That is assuming you're allowed to lock it down that tight (by management).
HTH, Kevin
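
An audit of the layout discussed in this thread (home directory and startup files owned by a trusted uid, nothing writable by the account), added here as an example and not code from any poster. It assumes GNU stat; the function name audit_home, the /home/sftpuser path and the list of startup files are choices made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (stat -c).
# audit_home DIR TRUSTED_UID
#   Prints one line per finding; returns 0 if nothing is wrong, 1 otherwise.
# Usage (path is a placeholder): audit_home /home/sftpuser 0
audit_home() {
    ah_dir=$1; ah_uid=$2; ah_rc=0

    # Deleting or renaming a file needs write permission on the directory,
    # not on the file, so a root-owned 555 .bashrc in a user-owned home
    # can still be replaced. Check the directory first.
    ah_owner=$(stat -c %u "$ah_dir") || return 2
    ah_mode=$(stat -c %a "$ah_dir") || return 2
    if [ "$ah_owner" != "$ah_uid" ]; then
        echo "FAIL $ah_dir: owned by uid $ah_owner, who can replace files in it"
        ah_rc=1
    fi
    if [ $(( 0$ah_mode & 022 )) -ne 0 ]; then
        echo "FAIL $ah_dir: mode $ah_mode is group/other writable"
        ah_rc=1
    fi

    # Startup files bash may read; the thread names the first three.
    for ah_f in .bashrc .bash_login .bash_profile .profile; do
        [ -e "$ah_dir/$ah_f" ] || continue
        ah_owner=$(stat -c %u "$ah_dir/$ah_f")
        ah_mode=$(stat -c %a "$ah_dir/$ah_f")
        # A file owned by the account can be chmod'ed back to writable,
        # so ownership matters as much as the mode bits.
        if [ "$ah_owner" != "$ah_uid" ] || [ $(( 0$ah_mode & 022 )) -ne 0 ]; then
            echo "FAIL $ah_dir/$ah_f: uid $ah_owner mode $ah_mode, contents can be changed"
            ah_rc=1
        fi
    done
    return $ah_rc
}
```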