Results 1 to 3 of 3

Thread: how to restrict rbash

Hybrid View

  1. #1
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: how to restrict rbash

    rbash does not restrict anything.
    Put a knowledgeable geek behind that shell, and he can break out it in less that 15 seconds.
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  2. #2
    Join Date
    Feb 2007
    Beans
    1

    Re: how to restrict rbash

    rbash only gives you the possibility to restrict a login.

    Some points are:
    1. Set the users home directory to read-only (owned by root)
    2. Create a usr/bin inside the users home directory
    3. Symlink the commands you want to allow into this directory
    4. cleanup all .bash_* files (.bashrc, .bash_login, .bash_logout, etc.) - set PATH only to the directory of step 2
    (=> google is your friend)

    You really need to think about the commands you enable:
    e.g. vim has a option to enter a shell, so you could break out of the rbash with vi/vim => see here

    e.g. scp / ssh has some options which are dangerous, too - see here

    If the rbash is set up in a correct way it is secure.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •