Date: Wed, 12 Jan 2000 12:08:07 +0600 From: Mojahedul Hoque Abul Hasanat <mojahed@citechco.net> To: FreeBSD-Questions@FreeBSD.ORG Subject: Re: Question about restricted shell account. Message-ID: <20000112120806.A379@mars.cosmos.net> In-Reply-To: <4.2.0.58.20000110011322.00b318d0@mail.enterit.com> References: <Pine.BSF.4.10.10001101502570.75543-100000@iteso.mx> <20000110181654.1149.qmail@nwcst289.netaddress.usa.net> <Pine.BSF.4.10.10001101502570.75543-100000@iteso.mx> <20000111113354.B313@mars.cosmos.net> <4.2.0.58.20000110011322.00b318d0@mail.enterit.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 10, 2000 at 01:19:25AM -0500, Jim Conner wrote: > > > >A restricted shell will not prevent them from running another > >shell (bash, tcsh, ...) or program like emacs and changing the > >directory. > > From what I understand about rksh and some others this is not > entirely accurate. rksh will only run whats in the PATH > ... > and place only the binaries you allow for that user to execute > then you should be safe. I agree with you here. > [ snip ] > Essentially, this restricted shell is chroot'ed (as far as I > understand a chroot to be) plus more restricted since the user > can't cd. Once you chroot, you can not access anything outside the chroot jail in any way. But with only a restricted shell, you have to be very careful on what you place in PATH. You have to make sure that no program can do a cd or run something outside PATH. Even a harmless vi can ruin your day. So, you may still want to use chroot in addition to a restricted shell. -- Mojahed To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000112120806.A379>