Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: restricted shell



On Вск, 2001-10-21 at 22:33, Emre Yildirim wrote:
> Ooops, Sorry I was reading the man page, and right after I sent this
> email, I saw the restricted shell section.  I have another question:
> 
> When I setup a restricted shell for a user, and let's say I put
> PATH=/r in his .zprofile and /r contains no binaries, he is still
> able to execute certain commands (like echo, pwd, export, etc).
> How can I restrict the execution of those commands as well?
> 

Using disable builtin. Make .zshrc read-only for user (or do it in
system zshrc and make user's home directory read-only) and put 

disable echo

there.

> Also there are programs like pine that allow users to break out of
> restricted shells.  Any tips on how to limit that as well?
> 

Do not allow user to run them :-) Really, that is everything you can do
- examine every program for possible back-doors before allowing
restricted users to execute them.

Pine allows you to have system-wide config file that takes precedence
over any user settings. Vim has restricted mode as well IIRC

-andrej




Messages sorted by: Reverse Date, Date, Thread, Author