On Tue, Nov 14, 2000 at 04:34:33PM +0100, Jan Martin Mathiassen wrote: > On Tue, Nov 14, 2000 at 01:30:57PM -0200, Pedro Zorzenon Neto wrote: > > I put /bin/rbash as the default shell (in /etc/passwd) for some users that > > I just want them to use a restricted login. > > > > When the user logs in, rbash is being executed and the restricted login is > > working well. But, if the user executes 'bash', everything becames > > unrestricted.
[goes away and plays with rbash for a bit] > > How can I deny the execution of shells inside rbash? > My first thought would be to remove the executable flag for other users, > make a special group for bash, and add anyone that should have access to > bash in that group. No; restricting just shells is useless if you leave other commands open. >From my very brief look, it appears that rbash essentially prevents you running commands outside of your PATH. Clearly it has NO security value unless you set their PATH to a directory with only the few commands you want them to be allowed to run. -- Colin Phipps <[EMAIL PROTECTED]> http://www.netcraft.com/
