Re: [PLUG] expect, /dev/pts, and a chroot

gabriel rosenkoetter on Thu, 2 Oct 2003 16:14:04 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] expect, /dev/pts, and a chroot

From: gabriel rosenkoetter <gr@eclipsed.net>

To: plug <plug@lists.phillylinux.org>

Subject: Re: [PLUG] expect, /dev/pts, and a chroot

Date: Thu, 2 Oct 2003 16:10:38 -0400

Mail-followup-to: plug <plug@lists.phillylinux.org>

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

User-agent: Mutt/1.4.1i

On Thu, Oct 02, 2003 at 03:59:53PM -0400, Stephen Gran wrote: > steve:~$ apt-cache search restricted shell > rssh - Restricted shell allowing only scp and/or sftp Um, well, I guess. If all you want to do is transfer files. I'm thinking of something like rsh(1M) as on Solaris, not to be confused with rsh(1): rsh is a limiting version of the standard command inter- preter sh, used to restrict logins to execution environments whose capabilities are more controlled than those of sh (see sh(1) for complete description and usage). There's also an rksh(1) on Solaris, which is the Korn shell version. Like I said, I think bash(1) can do this too... Ah, here we go: If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more con- trolled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed: o changing directories with cd o setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV o specifying command names containing / o specifying a file name containing a / as an argument to the . builtin command o importing function definitions from the shell environ- ment at startup o parsing the value of SHELLOPTS from the shell environ- ment at startup o redirecting output using the >, >|, <>, >&, &>, and >> redirection operators o using the exec builtin command to replace the shell with another command o adding or deleting builtin commands with the -f and -d options to the enable builtin command o specifying the -p option to the command builtin command o turning off restricted mode with set +r or set +o res- tricted. These restrictions are enforced after any startup files are read. When a command that is found to be a shell script is exe- cuted (see COMMAND EXECUTION above), rbash turns off any restrictions in the shell spawned to execute the script. -- gabriel rosenkoetter gr@eclipsed.net
Attachment: pgpJsRK9Fn8zD.pgp
Description: PGP signature

References:

Re: [PLUG] expect, /dev/pts, and a chroot
From: gabriel rosenkoetter <gr@eclipsed.net>

Re: [PLUG] expect, /dev/pts, and a chroot
From: Stephen Gran <steve@lobefin.net>

Prev by Date: Re: [PLUG] DNS issues preventing my mail server from working

Next by Date: [PLUG] Web Application Server resources from PLUG meeting

Previous by thread: Re: [PLUG] expect, /dev/pts, and a chroot

Next by thread: Re: [PLUG] expect, /dev/pts, and a chroot

Index(es):

Date

Thread