Re: Restricted Shells or Menu Based Shells

From: Sumit Dhar (dhar@dexponet.com)
Date: 02/26/02


Date: Tue, 26 Feb 2002 12:58:41 -0500 (EST)
From: Sumit Dhar <dhar@dexponet.com>
To: Sematimba Noah Kevin <ksemat@wawa.eahd.or.ug>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Feb 2002, Sematimba Noah Kevin wrote:

> remember to make sure that the users /home/$user/.profile is restricted
> either root i.e owner root permissions 0700, or set to immutable with
> chattr +i

Yes, that goes pretty much with out saying... I think that is better to
use the chattr +i option rather than the 0700 mode as the user might be
able to delete this file otherwise.

I have had enterprising users get vim or other binaries from other
machines onto the machine where they were given a restricted shell and
they used it exit the restricted shell.

A restricted shell is a tricky thing.. An experienced user get out of it
inspite of all your precautions. So be warned... :)

Regards
Dhar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8e8zluQMMKXqy0FoRAuONAJ9lXmKDnfRn8mycsWJcO03Z/NpmeACgxZTW
26baqAK7Fi3KeuBdj5Xxb3g=
=J91m
-----END PGP SIGNATURE-----