Re: [LUNI] Jailing Users

• Previous message: Admin: "[LUNI] OT: Deathpoint"
• In reply to: Erich Kolb: "[LUNI] Jailing Users"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 28, 2001 at 02:53:30, Erich Kolb said:
> Does anyone know how to "jail" users to their home directories?

In what way? Interactive usage or what?

The restricted mode of pdksh might do what you want....

       A shell is restricted if the -r option is used or if
       either the basename of the name the shell is invoked with
       or the SHELL parameter match the pattern *r*sh (e.g., rsh,
       rksh, rpdksh, etc.). The following restrictions come into
       effect after the shell processes any profile and $ENV
       files:
         ˇ the cd command is disabled
         ˇ the SHELL, ENV and PATH parameters can't be changed
         ˇ command names can't be specified with absolute or
              relative paths
         ˇ the -p option of the command built-in can't be used
         ˇ redirections that create files can't be used (i.e.,
>, >|, >>, <>)

bash2 also has a restricted mode:
RESTRICTED SHELL
       If bash is started with the name rbash, or the -r option
       is supplied at invocation, the shell becomes restricted.
       A restricted shell is used to set up an environment more
       controlled than the standard shell. It behaves identi­
       cally to bash with the exception that the following are
       disallowed or not performed:

       ˇ changing directories with cd

       ˇ setting or unsetting the values of SHELL, PATH,
              ENV, or BASH_ENV

       ˇ specifying command names containing /

       ˇ specifying a file name containing a / as an argu­
              ment to the . builtin command

       ˇ importing function definitions from the shell envi­
              ronment at startup

       ˇ parsing the value of SHELLOPTS from the shell envi­
              ronment at startup

       ˇ redirecting output using the >, >|, <>, >&, &>, and
>> redirection operators

       ˇ using the exec builtin command to replace the shell
              with another command

       ˇ adding or deleting builtin commands with the -f and
              -d options to the enable builtin command

       ˇ specifying the -p option to the command builtin
              command

       ˇ turning off restricted mode with set +r or set +o
              restricted.

-- 
   Keith T. Garner                                        kgarner@kgarner.com
  The Net Squad, Internet Solutions Architect           garner@thenetsquad.com
    "Yea though I walk through the valley of point-and-click, I will fear no
 command line: for UNIX art with me; thy kernel and thy shell they comfort me."
-=-
Linux Users Of Northern Illinois: General Discussion Mailing list.
For unsubscription, archives, and announcements only see http://luni.org

• Next message: MegaPath Networks (Northpoint Update): "[LUNI] IMPORTANT NORTHPOINT UPDATE - PLEASE READ"
• Previous message: Admin: "[LUNI] OT: Deathpoint"
• In reply to: Erich Kolb: "[LUNI] Jailing Users"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Mar 28 2001 - 15:15:00 CST