hi all,
is it possible to restrict the user to run only specific commands the least possible.
say i create a user named "temp" and i want him to run only one shell executable called "b" can i do that..?
once he logs in he shouldnt be able to change to any other directory other than /home/temp (his home directory). So can I just make him stay in his home folder and run only one executable command.
is that possible...
please reply regarding the same,
regards, mike.
On Fri, 24 Aug 2001, Mike_Bradz wrote:
> is it possible to restrict the user to run only specific commands the least possible.
You want to use a restricted shell. bash is a restricted shell if you rename it to rbash (ya, it's that simple) or call it with the -r flag. An easy way to rename it is to create a symlink to bash called rbash:
% cd /bin
% ln -s bash rbash
You set the user's shell as /bin/rbash. In the user's .bash_profile file, set his path. Ideally, you want to create a subdirectory called bin in the user's home directory (/home/temp/bin in your case), and put whatever binaries are to be executed in there, including the actual binary of rbash (not the symlink).
You could chroot if you want to, but that isn't necessary if you use rbash, since cd is not allowed. The user can also not change preset environment variables, so set anything that you don't want them to change. Do all this in the .bash_profile file.
Philip
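The PATH restriction described in the post above, as an added example that is not part of the original thread: it stages the account's files in a temporary directory and probes what `bash -r` allows with and without the pinned PATH. The staging directory, the stand-in program `b` and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: stage the restricted account's files and probe a restricted bash.
# The staging directory and the stand-in program "b" are constructed for the demo.

# build_home DIR: create DIR/bin holding the one allowed program and a
# .bash_profile that pins PATH to that directory.
build_home() {
    mkdir -p "$1/bin" || return 1
    printf '#!/bin/sh\necho "b ran"\n' > "$1/bin/b"
    chmod 755 "$1/bin/b"
    cat > "$1/.bash_profile" <<'EOF'
PATH=$HOME/bin
export PATH
EOF
    chmod 444 "$1/.bash_profile"
    # On the real account, root should own the home directory, bin and
    # .bash_profile, so the user cannot replace any of them.
}

# probe PATH_VALUE COMMAND: run COMMAND in "bash -r" with only PATH_VALUE to
# search, as the login shell would after reading .bash_profile.
# Returns COMMAND's exit status (127 means "command not found").
probe() {
    bash_bin=$(command -v bash) || return 2
    env -i PATH="$1" "$bash_bin" -r -c "$2" >/dev/null 2>&1
}

demo() {
    stage=$(mktemp -d) || return 1
    build_home "$stage"
    for c in 'b' 'cat /etc/passwd' '/bin/cat /etc/passwd' 'cd /' 'echo x > out'; do
        probe "$stage/bin" "$c"
        echo "PATH=~/bin        : $c -> exit $?"
    done
    probe /bin:/usr/bin 'cat /etc/passwd'
    echo "PATH=/bin:/usr/bin: cat /etc/passwd -> exit $?"
    rm -rf "$stage"
}
demo
```

The last probe shows that the restricted shell by itself does not limit which programs run; only the contents of the directories on PATH do.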
Sometime today, Philip S Tellis wrote:
> rename it to rbash (ya, it's that simple) or call it with the
Hey, cool!
> you use rbash, since cd is not allowed. The user can also not change preset environment variables, so set anything that you don't want them to change. Do all this in the .bash_profile
Does that also mean that .bash_profile should be owned and readable by root? Otherwise the user can edit it, na?
Manish J.
On Fri, 24 Aug 2001, Manish Jethani wrote:
> > you use rbash, since cd is not allowed. The user can also not change preset environment variables, so set anything that you don't want them to change. Do all this in the .bash_profile
> Does that also mean that .bash_profile should be owned and readable by root? Otherwise the user can edit it, na?
It depends. If you don't give the user access to editors, he can't edit anyway. Output redirection is not allowed. Making it owned by root is a good idea.
Philip
firstly thanks all for your replies....
--- Philip S Tellis philip.tellis@iname.com wrote:
> On Fri, 24 Aug 2001, Mike_Bradz wrote:
> > is it possible to restrict the user to run only specific commands the least possible.
> You want to use a restricted shell. bash is a restricted shell if you rename it to rbash (ya, it's that simple) or call it with the -r flag.
rbash works only for the cd command. i can still use other commands. i created a symlink bash file called rbash and changed the shell of the user to rbash. now he logs in with rbash and gets restricted to cd command.
but he can do a "cat /etc/passwd" and see all user logins which i dont want him to. I just want him to run one executable that i create.
also can some one refresh my memory on the command that causes a command execution to be paused for a specified time. like say i have 2 commands running in a shell script, in between them i need to pause for a few seconds before the next command starts.
thanks once again, mike.
On Fri, 24 Aug 2001, Mike bradz wrote:
> rbash works only for the cd command. i can still use other commands. i created a symlink bash file called rbash and changed the shell of the user to rbash. now he logs in with rbash and gets restricted to cd command.
> but he can do a "cat /etc/passwd" and see all user logins which i dont want him to. I just want him to run one executable that i create.
Right. You'll have to do a chroot then. Copy all binaries that you need (along with any libraries/config files needed) to /home/temp. You may have to reconstruct the directory structure under here. Then, chroot to /home/temp (in .bash_profile) and set the PATH as it is normally (/bin:/usr/bin). Just make sure that there are directories /home/temp/bin and /home/temp/usr/bin. Make sure these directories are owned by root and not writable.
> also can some one refresh my memory on the command that causes a command execution to be paused for a specified time. like say i have 2 commands running in a shell script, in between them i need to pause for a few seconds before the next command starts.
sleep
thanks all for replying. thanks for the sleep command tellis.
how do i in a shell script logout once the shell script is finished running, i mean to say that, in the shell script i want to write in a command that would just log me out of the shell once the shell script finishes executing.
can it be done using the exit command , because i have tried with the exit command by creating a new shell script called "exit" and calling it in the old shell script.
but it doesnt seem to log me out.
any ideas....
thanks for all the replies,
regards, mike.
On Fri, 24 Aug 2001, Mike bradz wrote:
> how do i in a shell script logout once the shell script is finished running, i mean to say that, in the shell script i want to write in a command that would just log me out of the shell once the shell
exit will exit from the script. try logout.
Philip
Sometime today, Philip S Tellis wrote:
> On Fri, 24 Aug 2001, Mike bradz wrote:
> > how do i in a shell script logout once the shell script is finished running, i mean to say that, in the shell script i want to write in a command that would just log me out of the shell once the shell
> exit will exit from the script. try logout.
logout will logout from the script shell. :) Try something else. Maybe you'll just have to kill (term) the parent shell process.
Manish J.
i tried logout philip but all it says is that i havent used login so i cant use logout, and says try exit instead.
once i exit from the shell script if i type exit again i get logged out, but i want to end the session once the shell script finishes executing.
Sometime Today, Mike_Bradz assembled some asciibets to say:
> once i exit from the shell script if i type exit again i get logged out, but i want to end the session once the shell script finishes executing.
Ok, from your earlier thread, I think I know what you want. Fall back to VSNL's shell access. They had a menu, and when one selected exit, it would disconnect. You want a similar program that will run on login, and automatically logout when done. The solution is easier than you think, and does not require any restricted shell, or anything else.
Just set the user's shell as the program that has to be executed.
For example, I have a login called survey, that runs a program called survey when someone logs in, and quits immediately afterward.
In /etc/passwd, I just set the shell to /home/survey/bin/survey. The home directory can be anything depending on what your program requires.
Philip
On Aug 25, 2001 at 02:51, Philip S Tellis wrote:
> Just set the user's shell as the program that has to be executed.
> In /etc/passwd, I just set the shell to /home/survey/bin/survey. The home directory can be anything depending on what your program requires.
You may need to stick it in /etc/shells as well.
Sometime today, Mike_Bradz wrote:
> once i exit from the shell script if i type exit again i get logged out, but i want to end the session once the shell script finishes executing.
Maybe you should do a "./myscript.sh; exit", or create an alias for it. Just "exit" in the script will only exit from the subshell in which the script runs.
Manish J.
thanks all for all your replies and philip once i made that script as my login shell as you have said, i get out of the shell as soon as the script executes, right bang on target to what i wanted.
thanks all of you guys for all the help given,
regards, Mike.
Hi,
it should be called directly and not from a shell script. probably u could also try using the logout command directly from the shell script.
Best Regards,
pm
On Aug 24, 2001 at 04:50, Mike bradz wrote:
> also can some one refresh my memory on the command that causes a command execution to be paused for a specified time. like say i have 2 commands running in
sleep.
On Fri, 24 Aug 2001, Mike_Bradz spewed into the ether:
> is it possible to restrict the user to run only specific commands the least possible.
Use ssh with appropriate keys and associated commands, if you want the user to be able to run only a single command. See man ssh for the exact syntax.
Devdas Bhagat
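One way to build the key-bound single command suggested in the post above, as an added example that is not part of the original thread: a wrapper named in the key's `command="..."` option that inspects `SSH_ORIGINAL_COMMAND` and only ever starts the one permitted program. The wrapper path, `ALLOWED_CMD` and the argument policy are assumptions; `b` stands for the thread's executable.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an account limited to one program.
# Tie it to the user's key in ~/.ssh/authorized_keys (key material elided):
#   command="/usr/local/bin/only-b",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... temp
# ALLOWED_CMD and the wrapper path are assumptions; "b" is the thread's executable.
LC_ALL=C; export LC_ALL
ALLOWED_CMD="${ALLOWED_CMD:-/home/temp/bin/b}"

# check_request REQUEST
# REQUEST is what the client asked sshd to run (empty for a plain login).
# Returns 0 only for an empty request or "b" followed by plain-word arguments.
check_request() {
    case $1 in
        "") return 0 ;;
        b | "b "*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9\ ._-]*) return 1 ;;   # shell metacharacters, slashes, newlines
        *" -"*) return 1 ;;                # no option injection into b
    esac
    return 0
}

run_wrapper() {
    request=${SSH_ORIGINAL_COMMAND-}
    if ! check_request "$request"; then
        echo "this account may only run 'b'" >&2
        return 1
    fi
    [ -x "$ALLOWED_CMD" ] || { echo "missing $ALLOWED_CMD" >&2; return 1; }
    # Split the validated request into words ourselves; it never reaches eval or sh -c.
    set -f
    set -- $request
    [ $# -gt 0 ] && shift        # drop the leading "b"
    exec "$ALLOWED_CMD" "$@"
}

# sshd sets SSH_CONNECTION for every session; do nothing when run by hand.
if [ -n "${SSH_CONNECTION-}" ]; then
    run_wrapper || exit 1
fi
```

The forced command applies only to logins made with that key, so any other way into the account (password login, other keys) has to be closed separately.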