Restricted Shell
The next level of limitation is a restricted shell. In this mode, a version of the normal bash shell prevents users from changing the directory, changing environment variables, redirecting output, running commands with absolute pathnames, using the exec command, and some other actions. Restrictions are not enforced for shell scripts. See man bash for more details. Combining rbash with a restrictive configuration of UNIX permissions can help achieve further security.
Rbash is a viable choice if you are trying to somewhat contain trusted users. Its restrictions can be easily overcome (see below).
To test rbash restricted shell functionality:
# adduser nst
# ln -s /bin/bash /bin/rbash
# echo "/bin/rbash" >> /etc/shells
# chsh -s /bin/rbash nst
# cd ~nst
# su nst
$
and then:
$ cd /
rbash: cd: restricted
Note: This has been tested on Ubuntu and Red Hat Linux machines.
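The restrictions listed above can be checked without root or a test account. The script below is an added example, not part of the original post: it creates the rbash symlink in a temporary directory and reports which restrictions the shell enforces. It assumes bash is installed and built with restricted-shell support; the helper names refused and audit are made up for this example.

```sh
#!/bin/sh
# Added example: check rbash restrictions without root or a test account.
# Assumption: bash is installed and built with restricted-shell support.
RB_DIR=$(mktemp -d)
trap 'rm -rf "$RB_DIR"' EXIT

# Same idea as "ln -s /bin/bash /bin/rbash" in the post, but in a private
# directory: bash runs restricted when it is invoked under the name rbash.
ln -s "$(command -v bash)" "$RB_DIR/rbash"

# refused SHELL ACTION (hypothetical helper): return 0 only if SHELL rejects
# ACTION with a "restricted" or "readonly" error.
refused() {
    rc=0
    out=$(LC_ALL=C "$1" -c "$2" 2>&1 >/dev/null </dev/null) || rc=$?
    [ "$rc" -ne 0 ] || return 1
    case $out in
        *restricted*|*readonly*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit SHELL (hypothetical helper): report each restriction named in the
# post and return the number that SHELL does not enforce.
audit() {
    missing=0
    while IFS='|' read -r label action; do
        if refused "$1" "$action"; then
            echo "enforced      $label"
        else
            echo "NOT enforced  $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
change directory|cd /
change PATH|PATH=/usr/bin
redirect output|echo x > /dev/null
absolute pathname|/bin/ls
exec command|exec ls
EOF
    return "$missing"
}

audit "$RB_DIR/rbash"                 # the symlinked, restricted shell
audit "$(command -v bash)" || true    # control: plain bash refuses nothing
```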
1) This post is only for the bash shell; I want to know whether this will work in all the remaining shells, i.e. C shell and others.
2) This post will work in all the Unix-based systems like Mac/IBM UX.