Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: restricted shell

X-seq: zsh-users 4413
From: Borsenkow Andrej <Andrej.Borsenkow@xxxxxxxxxxxxxx>
To: Emre Yildirim <emre@xxxxxxxxx>
Subject: Re: restricted shell
Date: 21 Oct 2001 23:00:49 +0400
Cc: zsh-users@xxxxxxxxxx
In-reply-to: <3BD314E4.8090802@xxxxxxxxxxxxx>
Mailing-list: contact zsh-users-help@xxxxxxxxxx; run by ezmlm
References: <3BD30F75.7060904@xxxxxxxxxxxxx> <20011021201625.F11977@xxxxxxxxxxxxxxxxxx> <3BD314E4.8090802@xxxxxxxxxxxxx>

On Вск, 2001-10-21 at 22:33, Emre Yildirim wrote:
> Ooops, Sorry I was reading the man page, and right after I sent this
> email, I saw the restricted shell section.  I have another question:
> 
> When I setup a restricted shell for a user, and let's say I put
> PATH=/r in his .zprofile and /r contains no binaries, he is still
> able to execute certain commands (like echo, pwd, export, etc).
> How can I restrict the execution of those commands as well?
> 

Using disable builtin. Make .zshrc read-only for user (or do it in
system zshrc and make user's home directory read-only) and put 

disable echo

there.

> Also there are programs like pine that allow users to break out of
> restricted shells.  Any tips on how to limit that as well?
> 

Do not allow user to run them :-) Really, that is everything you can do
- examine every program for possible back-doors before allowing
restricted users to execute them.

Pine allows you to have system-wide config file that takes precedence
over any user settings. Vim has restricted mode as well IIRC

-andrej

Follow-Ups:
- Re: restricted shell
  - From: Emre Yildirim
- Re: restricted shell
  - From: Nadav Har'El
- Re: restricted shell
  - From: Emre Yildirim

References:
- restricted shell
  - From: Emre Yildirim
- Re: restricted shell
  - From: Mads Martin Joergensen
- Re: restricted shell
  - From: Emre Yildirim

Messages sorted by: Reverse Date, Date, Thread, Author