From: Lowell Gilbert
To: freebsd-questions@freebsd.org
Subject: Re: restricted shell
Date: 03 Sep 2002 17:22:28 -0400
Message-ID: <44znuyahuz.fsf@be-well.ilk.org>
In-Reply-To: <20020903155040.GA66479@studnet.sk>

Radko Keves writes:

> hi all, I have a question about restricted shell (for example rbash)
> SHELL environment is read only, but user can run another shell if it is in PATH, can I disallow changing shell?
> I don't want to get all shells out of PATH (because there is a problem with . option in path and users' own programs)

If users are allowed to run their own programs, they will have little trouble getting an unrestricted shell if they want to.
If you are trying to do this as a form of security, you'll need to use chroot(8) or jail(8). Restricted shells are primarily useful for cases where you're trying to avoid shooting yourself in the foot, not where you need to stop a possibly malicious user.
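
The conditions discussed in this thread (a shell reachable through PATH, "." in PATH, users able to place their own programs) can be checked mechanically. The following is an added example, not part of the original message: the function name audit_rshell_path, the finding labels and the demo directory are assumptions made for illustration, and a clean result does not turn a restricted shell into a security boundary.

```sh
#!/bin/sh
# Added example (not from the original message): audit a PATH meant for a
# restricted-shell account. Assumption: run as that account, so -w reflects
# what the user can write. Findings, one per line:
#   cwd:<entry>     "." / empty / relative entry (resolves to the current dir)
#   writable:<dir>  user can drop their own programs here
#   shell:<file>    executable named like an entry in the shells file
audit_rshell_path() {
    path_value=$1
    shells_file=${2:-/etc/shells}
    # Basenames of listed shells; comments and blank lines skipped.
    shell_names=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' -e 's|.*/||' \
        "$shells_file" | sort -u)
    # Split on ":"; the appended ":" preserves a trailing empty entry.
    split_src="${path_value}:"
    old_ifs=$IFS; IFS=:; set -f
    set -- $split_src
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        case $dir in
            ''|[!/]*) echo "cwd:${dir:-<empty>}"; continue ;;
        esac
        [ -d "$dir" ] || continue
        if [ -w "$dir" ]; then echo "writable:$dir"; fi
        for name in $shell_names; do
            if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
                echo "shell:$dir/$name"
            fi
        done
    done
    return 0
}

# Constructed demo input: a throwaway directory holding a fake "bash".
demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/bin"
    printf '#!/bin/sh\n' > "$demo_dir/bin/bash"
    chmod +x "$demo_dir/bin/bash"
    printf '/bin/sh\n/usr/local/bin/bash\n' > "$demo_dir/shells"
    audit_rshell_path "$demo_dir/bin:." "$demo_dir/shells"
    rm -rf "$demo_dir"
}
demo
```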