Problems with restricted shell (bash2 -r)

Post by Doug Pouli » Fri, 29 Sep 2000 04:00:00



According to the manual (which now follows)

These restrictions are enforced after any startup files are read.

When a command that is found to be a shell script is executed (see COMMAND
EXECUTION above), rbash turns off any restrictions in the shell spawned to
execute the script.
--------

It would appear from this that you should be able to have "/" and redirects
in the .bash_profile or in any script that the user invokes. Neither appears
to be true. bash2 -r complains about both and will not execute them either
as a logon script or otherwise. Does anyone have any ideas or experience
with this?  What am I doing wrong?

 
 
 

Post by Jehs » Fri, 29 Sep 2000 04:00:00



> When a command that is found to be a shell script is executed (see COMMAND
> EXECUTION above), rbash turns off any restrictions in the shell spawned to
> execute the script.
> --------
> It would appear from this that you should be able to have "/" and redirects
> in the .bash_profile or in any script that the user invokes.

No, .bash_profile is sourced, meaning it is executed in the *current* shell.
Have you really tried running a shell script with '/' commands in it and
been unsuccessful?

Moshe


 
 
 

Post by Doug Pouli » Fri, 29 Sep 2000 04:00:00


We try to execute the following script file (called login_log) in the
.bash_profile file

----------------
T1=`tty`
DT=`date "+%b %d %H:%M"`
echo "$LOGNAME     $T1  $DT" >>  /l/logs/login_log
------------------

The .bash_profile file looks like this:
---------------------
# .bash_profile  -- Commands executed at login for Restricted Bash shell users

TERM=vt102; export TERM

PATH=/usr/rbin
readonly PATH

readonly HOME HZ IFS LOGNAME MAIL MAILCHECK OPTIND TERM TZ

login_log                    # capture login info
----------------------

login_log exists in /usr/rbin

The error I get is:
/usr/rbin/login_log: /l/logs/login_log: restricted: cannot redirect output



> > When a command that is found to be a shell script is executed (see COMMAND
> > EXECUTION above), rbash turns off any restrictions in the shell spawned to
> > execute the script.
> > --------
> > It would appear from this that you should be able to have "/" and redirects
> > in the .bash_profile or in any script that the user invokes.

> No, .bash_profile is sourced, meaning it is executed in the *current* shell.
> Have you really tried running a shell script with '/' commands in it and
> been unsuccessful?

> Moshe
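
Added example (not part of the original thread, and not run on the bash2 build the posters used): a small check of the distinction drawn above between a file that is sourced into a restricted shell and a script that the restricted shell executes, as the quoted manual text describes it. The temporary directory, the file name login_snippet and the LOG variable are assumptions made for the demo.

```sh
#!/bin/sh
# Added example: the directory layout and file names below are constructed.
BASH_BIN=$(command -v bash)   # absolute path: a name containing "/" skips PATH lookup

# Build a throwaway stand-in for /usr/rbin holding the same logging line twice:
# login_log is an executable script, login_snippet is a plain file to be sourced.
make_rbin() {
    d=$(mktemp -d) || return 1
    mkdir "$d/rbin"
    printf '#!%s\necho "login" >> "$LOG"\n' "$BASH_BIN" > "$d/rbin/login_log"
    chmod +x "$d/rbin/login_log"
    printf 'echo "login" >> "$LOG"\n' > "$d/rbin/login_snippet"
    echo "$d"
}

# Run one command line in "bash -r" with PATH limited to the rbin directory.
# Returns 0 if the redirect went through (log written), 1 if it was refused.
redirect_allowed() {
    d=$(make_rbin) || return 2
    PATH="$d/rbin" LOG="$d/log" "$BASH_BIN" -r -c "$1" 2>/dev/null
    if [ -s "$d/log" ]; then rc=0; else rc=1; fi
    rm -rf "$d"
    return "$rc"
}

# Same logging line, reached two ways from the restricted shell.
for cmd in 'login_log' '. login_snippet'; do
    if redirect_allowed "$cmd"; then
        echo "redirect allowed: $cmd"
    else
        echo "redirect refused: $cmd"
    fi
done
```

Because an executed script runs in a shell without the restrictions, every script reachable through a restricted user's PATH has to be treated as trusted code.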

 
 
 

1. Problems with restricted bash2 shells

I need to have users log into our server using a restricted shell.  This is
using Red Hat Linux 6.1.  I can't put '/bin/bash2 -r' into /etc/passwd
because it won't pass the argument along and all I get is a regular shell.
If I copy the bash2 binary and create a duplicate file called rbash2, I get
a restricted shell, but it is not the same as running bash2 -r.  For one
thing the cd command still works and you can cd all over the file system
(not good).  rbash2 and bash2 -r are supposed to be the same, but aren't.  I
also tried putting an exec '/bin/bash2 -r' into the /etc/profile and I still
get this half-baked restricted shell.  Somebody please help.  I can't figure
this one out.

--
Doug Poulin