rbash does not restrict anything.
Put a knowledgeable geek behind that shell, and he can break out of it in less than 15 seconds.
"Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
Linux User #441960 | Wiki: DrSmall
rbash only gives you the possibility to restrict a login.
Some points are:
1. Set the user's home directory to read-only (owned by root)
2. Create a usr/bin inside the user's home directory
3. Symlink the commands you want to allow into this directory
4. Clean up all .bash_* files (.bashrc, .bash_login, .bash_logout, etc.) - set PATH only to the directory of step 2
(=> Google is your friend)
You really need to think about the commands you enable:
e.g. vim has an option to enter a shell, so you could break out of the rbash with vi/vim => see here
e.g. scp / ssh have some options which are dangerous, too - see here
If the rbash is set up in a correct way it is secure.
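
An audit of the four setup points from the post above, as an added example that is not part of the thread. It assumes Linux with GNU stat and find; the function name, the `RISKY` list (built only from the commands the post names) and the `/home/guest` path are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumes Linux with GNU stat and find.
# RISKY lists only the commands the post names; extend it for your system.
RISKY="vi vim ssh scp"

# Usage: audit_rbash_home /home/guest   ("guest" is a hypothetical account)
# Optional second argument: expected owner uid of the home directory (default 0).
audit_rbash_home() {
    local home=$1 owner=${2:-0} bindir="$1/usr/bin" findings=0 f name paths
    fail() { echo "FAIL $*"; findings=$((findings + 1)); }

    # Point 1: home is owned by root (or the given uid) and not group/other writable.
    [ "$(stat -c %u "$home")" = "$owner" ] || fail "home not owned by uid $owner"
    [ -z "$(find "$home" -maxdepth 0 -perm /022)" ] || fail "home is group/other writable"

    # Points 2 and 3: usr/bin exists and contains only symlinks to harmless commands.
    if [ -d "$bindir" ]; then
        for f in "$bindir"/*; do
            [ -e "$f" ] || [ -L "$f" ] || continue   # empty directory
            name=$(basename "$f")
            [ -L "$f" ] || fail "$name is not a symlink"
            case " $RISKY " in
                *" $name "*) fail "$name allows a shell escape or dangerous options" ;;
            esac
        done
    else
        fail "missing $bindir"
    fi

    # Point 4: every PATH assignment in the .bash* files must be exactly usr/bin
    # (assumes PATH is written as an absolute path, one assignment per line).
    paths=$(cat "$home"/.bash* 2>/dev/null |
        sed -nE 's/^ *((export|readonly) +)?PATH=//p' | tr -d "\"'")
    if [ -z "$paths" ]; then
        fail "no PATH set in .bash* files"
    elif [ -n "$(printf '%s\n' "$paths" | grep -vxF -- "$bindir")" ]; then
        fail "PATH contains more than $bindir"
    fi

    [ "$findings" -eq 0 ]
}
```

The function prints one `FAIL` line per finding and returns non-zero if there is any, so it can be run from cron or a provisioning check.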