Need help modifying users profile to use bash -r at login
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can someone tell me how to set up the bash profile so that when a user logs in, bash -r is executed giving them restricted shell?
Not in the profile but by linking /path/to/bash to /path/to/rbash and using /path/to/rbash in their passwd entry. You may have arrived at the conclusion Rbash serves your purposes based on you 0) not knowing anything else, 1) not wanting to fiddle with depencencies like required for a proper chroot jail or 2) some other reason, but please note of all the access restriction measures you can implement Rbash actually is one of the weakest ones. If you post exactly what you require Rbash for maybe we could help you more or better...
Not in the profile but by linking /path/to/bash to /path/to/rbash and using /path/to/rbash in their passwd entry. You may have arrived at the conclusion Rbash serves your purposes based on you 0) not knowing anything else, 1) not wanting to fiddle with depencencies like required for a proper chroot jail or 2) some other reason, but please note of all the access restriction measures you can implement Rbash actually is one of the weakest ones. If you post exactly what you require Rbash for maybe we could help you more or better...
Yes, I guess it would help to be more specific. I need to improve secutiry on my FTP server. Specifically logins via sftp from leaving their home directory. I've managed to lock down ftp logins by modifying the vsftpd.conf file. It appears that my best recourse is building a chroot jail, something I'm not familiar with.
From the testing I've recently done, modifying the shell doesn't affect SFTP logins, so the rbash scenario is out the window. The OS on this server is CentOS 5.3 if that helps.
It appears that my best recourse is building a chroot jail, something I'm not familiar with.
You're in luck. Not only for having chosen a robust FTP daemon with a good security record, but one with extensive documentation (no hidden sarcasm there). So all you have to want to do is read /usr/share/doc/vsftpd-.*/EXAMPLE/.*.
Quote:
Originally Posted by tljacobs
From the testing I've recently done, modifying the shell doesn't affect SFTP logins, so the rbash scenario is out the window. The OS on this server is CentOS 5.3 if that helps.
Yeah, SFTP != FTPS. Since version 4.9 OpenSSH has chroot functionality (as in chrootssh.sourceforge.net) built in, else there's Rssh and SCPOnly. If yous earch this forum you're bout to find threads, else check out http://www.linuxquestions.org/questi...oblems-597142/.
Last edited by unSpawn; 02-26-2009 at 12:39 PM.
Reason: %docdir
You're in luck. Not only for having chosen a robust FTP daemon with a good security record, but one with extensive documentation (no hidden sarcasm there). So all you have to want to do is read /usr/share/doc/vsftpd-.*/EXAMPLE/.*.
Yeah, SFTP != FTPS. Since version 4.9 OpenSSH has chroot functionality (as in chrootssh.sourceforge.net) built in, else there's Rssh and SCPOnly. If yous earch this forum you're bout to find threads, else check out http://www.linuxquestions.org/questi...oblems-597142/.
thanks very much for you input and advice. I'll check out the documentation.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.