[TriLUG] Using a restricted shell for limited access to a remote system
jonc
jonc at nc.rr.com
Thu Mar 2 15:20:04 EST 2006
We were just playing around in IRC and I ran across this nice link. Sharing
is fundamental to Open Source, so here it is...
Jon
====
http://www.unix.org.ua/orelly/networking/puis/ch08_01.htm
Note: rsh is NOT "remote shell" at least not in this context.
8.1.4.5 How to set up a restricted account with rsh
To set up a restricted account that uses rsh, you must:
  * Create a special directory containing only the programs that the
    restricted shell can run.
  * Create a special user account that has the restricted shell as
    its login shell.
NOTE: The setup we show in the following example is not entirely
safe, as we explain later in this chapter.
For example, to set up a restricted shell that lets guests play rogue
and hack, and use the talk program, first create a user called player
that has /bin/rsh as its shell and /usr/rsh/home as its home directory:

    player::100:100:The Games Guest user:/usr/rshhome:/bin/rsh

Next, create a directory for only the programs you want the guest to
use, and fill the directory with the appropriate links:

    # mkdir /usr/rshhome /usr/rshhome/bin
    # ln /usr/games/hack /usr/rshhome/bin/hack
    # ln /usr/games/rogue /usr/rshhome/bin/rogue
    # ln /usr/bin/talk /usr/rshhome/bin/talk
    # chmod 555 /usr/rshhome/bin
    # chmod 555 /usr/rshhome

Finally, create a .profile for the player user that sets the PATH
environment variable and prints some instructions:

    # cat > /usr/rshhome/.profile
    /bin/echo This guest account is only for the use of authorized guests.
    /bin/echo You can run the following programs:
    /bin/echo rogue A role playing game
    /bin/echo hack A better role playing game
    /bin/echo talk A program to talk with other people.
    /bin/echo
    /bin/echo Type "logout" to log out.
    PATH=/usr/rshhome/bin
    SHELL=/bin/rsh
    export PATH SHELL
    ^D
    # chmod 444 /usr/rshhome/.profile
    # chown player /usr/rshhome/.profile
    # chmod 500 /usr/rshhome
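
An added example, not part of the original post or the quoted chapter: a shell function that audits a restricted account laid out as in the steps above. The function name audit_rsh_home, its arguments (home directory, numeric UID of the restricted account, allow-list of program names) and the particular checks are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: audit a restricted-shell home directory.
# Usage: audit_rsh_home HOME_DIR NUMERIC_UID "allowed program names"
# Prints one line per finding; the return status is the number of findings.
audit_rsh_home() {
    home=$1; uid=$2; allowed=$3; findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    for p in "$home" "$home/bin" "$home/.profile"; do
        if [ ! -e "$p" ]; then flag "$p is missing"; continue; fi
        # Group- or world-writable paths let other accounts alter the setup.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            flag "$p is group- or world-writable"
        fi
        # A file's owner can always change its mode, so anything owned by
        # the restricted account is protected only by the shell itself.
        owner=$(ls -ldn "$p" | awk '{print $3}')
        if [ "$owner" = "$uid" ]; then flag "$p is owned by uid $uid"; fi
    done

    # The bin directory must hold only the programs on the allow-list.
    for f in "$home"/bin/* "$home"/bin/.[!.]*; do
        if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi
        name=${f##*/}
        case " $allowed " in
            *" $name "*) ;;
            *) flag "unexpected program in bin: $name" ;;
        esac
    done

    # The PATH set in .profile must be exactly the restricted bin directory.
    if [ -f "$home/.profile" ]; then
        path=$(sed -n 's/^PATH=//p' "$home/.profile" | tail -n 1)
        if [ "$path" != "$home/bin" ]; then
            flag ".profile sets PATH to '$path'"
        fi
    fi
    return "$findings"
}
```

Run it as root against the real account, for example with /usr/rshhome, the numeric UID of player and "hack rogue talk"; a non-zero status means at least one finding was printed.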