Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: restricted shell
- X-seq: zsh-users 4413
- From: Borsenkow Andrej <Andrej.Borsenkow@xxxxxxxxxxxxxx>
- To: Emre Yildirim <emre@xxxxxxxxx>
- Subject: Re: restricted shell
- Date: 21 Oct 2001 23:00:49 +0400
- Cc: zsh-users@xxxxxxxxxx
- In-reply-to: <3BD314E4.8090802@xxxxxxxxxxxxx>
- Mailing-list: contact zsh-users-help@xxxxxxxxxx; run by ezmlm
- References: <3BD30F75.7060904@xxxxxxxxxxxxx> <20011021201625.F11977@xxxxxxxxxxxxxxxxxx> <3BD314E4.8090802@xxxxxxxxxxxxx>
On Вск, 2001-10-21 at 22:33, Emre Yildirim wrote:
> Ooops, Sorry I was reading the man page, and right after I sent this
> email, I saw the restricted shell section. I have another question:
>
> When I setup a restricted shell for a user, and let's say I put
> PATH=/r in his .zprofile and /r contains no binaries, he is still
> able to execute certain commands (like echo, pwd, export, etc).
> How can I restrict the execution of those commands as well?
>
Using disable builtin. Make .zshrc read-only for user (or do it in
system zshrc and make user's home directory read-only) and put
disable echo
there.
> Also there are programs like pine that allow users to break out of
> restricted shells. Any tips on how to limit that as well?
>
Do not allow user to run them :-) Really, that is everything you can do
- examine every program for possible back-doors before allowing
restricted users to execute them.
Pine allows you to have system-wide config file that takes precedence
over any user settings. Vim has restricted mode as well IIRC
-andrej
Messages sorted by:
Reverse Date,
Date,
Thread,
Author