*BSD News Article 53079


Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!howland.reston.ans.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!not-for-mail
From: j@interface-business.de (J Wunsch)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: rsh , help please
Date: 20 Oct 1995 10:27:41 +0100
Organization: interface business GmbH, Dresden
Lines: 22
Message-ID: <467q2d$38v@ida.interface-business.de>
References: <464g7n$g1v@mippet.ci.com.au>
NNTP-Posting-Host: ida.interface-business.de

Ferry Winarta  <ferryw@softplus.com.au> wrote:

>I tried to configure a user to use a restricted shell,
>by creating a file called /bin/resh (which contained /bin/sh -r), and
>then changing the user's shell to /bin/resh through vipw (I don't think this
>is the correct procedure).

Note that the so-called "restricted" shells are one of the most
inviting security holes (at least, when being used as an interactive
shell).

>Did I miss something, or is this impossible?

I think you need some more tweaking.  Some special inetd, for example.

Of course, ftp-only users don't really need a working shell, as long
as the value of their login shell password field is mentioned in
/etc/shells.
-- 
J"org Wunsch					       Unix support engineer
joerg_wunsch@interface-business.de
					[private: http://www.sax.de/~joerg/]
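
The /etc/shells condition mentioned in the reply above can be audited per account. The script below is an added example, not part of the original post. It assumes ftpd accepts a login only when the account's shell field matches an entry in /etc/shells; the sample files and the path /usr/local/libexec/ftponly are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumes ftpd accepts a login only when the account's
# shell field matches an entry in /etc/shells, as the post describes.

# ftp_shell_audit PASSWD_FILE SHELLS_FILE
# Prints "user shell ftp-ok|ftp-denied" for every account.
ftp_shell_audit() {
    awk -F: '
        # First operand is the shells list: drop comments and padding.
        FILENAME == ARGV[1] {
            line = $0
            sub(/#.*/, "", line)
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            if (line != "") listed[line] = 1
            next
        }
        # Second operand is passwd(5) or master.passwd: shell is last.
        /^#/ || NF < 7 { next }
        {
            shell = $NF
            if (shell == "") shell = "/bin/sh"  # empty field means /bin/sh
            verdict = (shell in listed) ? "ftp-ok" : "ftp-denied"
            print $1, shell, verdict
        }
    ' "$2" "$1"
}

# Constructed sample data; /usr/local/libexec/ftponly is a hypothetical
# placeholder program that is listed but gives no interactive session.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/csh
/usr/local/libexec/ftponly
EOF
    cat > "$d/passwd" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/csh
ftpuser:*:1002:1002:FTP only:/home/ftpuser:/usr/local/libexec/ftponly
resuser:*:1003:1003:Restricted:/home/resuser:/bin/resh
noshell:*:1004:1004:Empty shell:/home/noshell:
EOF
    ftp_shell_audit "$d/passwd" "$d/shells"
    rm -rf "$d"
}
demo
```

On a live system, pass the password file and /etc/shells as the two arguments instead of calling demo.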