Re: Restricted Shells or Menu Based Shells

From: Steffen Dettmer (
Date: 03/04/02

Date: Mon, 4 Mar 2002 09:04:25 +0100
From: Steffen Dettmer <>

* Sumit Dhar wrote on Sat, Mar 02, 2002 at 04:07 -0500:
> On Thu, 28 Feb 2002, Steffen Dettmer wrote:
> > really a lot of tools. Don't cp standard ftp, since it's able to
> > drop a non-restricted /bin/bash. Ohh, and don't set up paths and
> Hmm, always interested in knowing something new. I kind of knew that a
> ftp could drop you into a shell. But have never been able to do that.
> How could one go about doing it?? Any pointers?

The standard linux ftp client drops a shell if you say
IIRC. You can type any command after "!".

> > such in .profile - users may overwrite it! Make sure you make
> > other variables readonly. Set the PATH to the new "bin" style
> > tree only!
> How would one go about doing this. What I did was slightly kludgy, so
> would really appreciate comments.. Usually how do you go about doing
> this part. Cos I feel this is the trickiest and the most important
> part...

Well, you must make sure that the users are not allowed to write
to any path of PATH of course. If possible, make ~ not writable
too (it is not sufficient to make ~/.*, as .profile, not
writeable, since the users could delete and re-create those
files). You have to set up the variables in /etc/profile,
system-wide. You have to determine if the starting user is
restricted or not by some condition, and if it's true, set up
needed read-only variables, as PATH and such. I copied some tools
to /home/bin, i.e. /home/bin/rbash, .../rvim and so on. If there
is no /home/bin, the users cannot log in at all, since I used
/home/bin/rbash as login shell. The restricted users cannot
change read-only variables nor execute programs from other paths
as /home/bin. Well, but they would find a way to break out, keep
it in mind...



Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.