InfinityQuest - Programming Code Tutorials and Examples with Python, C++, Java, PHP, C#, JavaScript, Swift and more


Restricting Guest Users in bash

InfinityCoder February 28, 2017

The material concerning the restricted shell in this recipe also appears in Learning the bash Shell by Cameron Newham (O’Reilly).

You need to allow some guest users on your system and need to restrict what they can do.

Avoid using shared accounts if possible, since you lose accountability and create logistical headaches when users leave and you need to change the password and inform the other users.

Create separate accounts with the least possible permissions necessary to do whatever is needed.

Consider using:

• bash’s restricted shell

The restricted shell is designed to put the user into an environment where their ability to move around and write files is severely limited.

It’s usually used for guest accounts.

You can make a user’s login shell restricted by putting rbash as the shell in the user’s /etc/passwd entry, provided this option was included when bash was compiled.
The specific constraints imposed by the restricted shell disallow the user from doing the following:
• Changing working directories: cd is inoperative. If you try to use it, you will get the error message bash: cd: restricted.
• Redirecting output to a file: the redirectors >, >|, <>, and >> are not allowed.
• Assigning a new value to the environment variables $ENV, $BASH_ENV, $SHELL, or $PATH.
• Specifying any commands with slashes (/) in them. The shell will treat files outside of the current directory as “not found.”
• Using the exec built-in.
• Specifying a filename containing a / as an argument to the . (source) built-in command.
• Importing function definitions from the shell environment at startup.
• Adding or deleting built-in commands with the -f and -d options to the enable built-in command.
• Specifying the -p option to the command built-in command.
• Turning off restricted mode with set +r.

These restrictions go into effect after the user’s .bash_profile and environment files are run.

In addition, it is wise to change the owner of the users’ .bash_profile and .bashrc to root, and make these files read-only.

The user’s home directory should also be made read-only.
This means that the restricted shell user’s entire environment is set up in /etc/profile and .bash_profile.

Since the user can’t access /etc/profile and can’t overwrite .bash_profile, this lets the system administrator configure the environment as he sees fit.
Two common ways of setting up such environments are to set up a directory of safe commands and have that directory be the only one in PATH, and to set up a command menu from which the user can’t escape without exiting the shell.

Note that the original Bourne shell has a restricted version called rsh, which may be confused with the Remote Shell program from the so-called r-tools (rsh, rcp, rlogin, etc.), which is also named rsh.

The very insecure Remote Shell rsh has been mostly replaced (we most sincerely hope) by SSH (the Secure Shell).
