Re: How to restrict ssh user to the home directory ?
- From: Robert Hajime Lanning <robert.lanning@xxxxxxxxx>
- Date: Thu, 23 Apr 2009 18:03:31 -0700
On Thu, Apr 23, 2009 at 7:57 AM, J. Bakshi <bakshi12@xxxxxxxxx> wrote:
On Wed, 22 Apr 2009 11:21:06 -0600
Benny Helms <benny@xxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You always have the option of changing their login shell to
'/bin/bash -s' which locks them in. Unfortunately, it also takes
away their access to things like, 'ls' and 'cp' and 'vi', etc.,
unless you include copies in their home folder.
You also need to remember that some apps like 'vim' will allow a user
a shell escape which can break the limits you set. Make sure to give
them access only to the secure version. For 'vim' that would be
'rvim'.
thanks a lot for the rvim tip.
I am grateful to you to make me aware that vim allows shell access.
A lot of utilities allow shell access.
more
less
vi
nvi
vim
emacs
nano
pico
awk
...
If you have perl access, you have fork/exec access.
uploading your own binaries that fork/exec...
general shell access is not easy to do securely.
chroot is basically your only choice.
--
And, did Galoka think the Ulus were too ugly to save?
-Centauri
- References:
- How to restrict ssh user to the home directory ?
- From: J. Bakshi
- Re: How to restrict ssh user to the home directory ?
- From: Benny Helms
- Re: How to restrict ssh user to the home directory ?
- From: J. Bakshi
- How to restrict ssh user to the home directory ?
- Prev by Date: Re: Requiring Dual Factor Authentication / Multiple Authentication
- Next by Date: Re: Requiring Dual Factor Authentication / Multiple Authentication
- Previous by thread: Re: How to restrict ssh user to the home directory ?
- Next by thread: Re: How to restrict ssh user to the home directory ?
- Index(es):
Relevant Pages
|
