LinuxQuestions.org
Old 08-27-2009, 07:25 AM   #1
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 747

Rep: Reputation: 73
bash and sh question on Ubuntu Server


Hello, I got a server with some users. Their default shell is bash and sh is a link to bash.

If the user switches from bash to sh, everything is changing, the PS1, setup and so on.

My question is, what does sh need to read or have to have the same setup as bash? Every user has .bashrc, .bash_profile, .profile, but it seems nothing really matters, because sh is not reading them.

Besides this, there are some settings in /etc/profile which work in bash, but not in sh.

Does anyone know what sh needs to be the same as bash?
 
Old 08-27-2009, 07:38 AM   #2
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978
An excerpt from man bash:
Quote:
If bash is invoked with the name sh, it tries to mimic the startup behavior of historical
versions of sh as closely as possible, while conforming to the POSIX standard as well.
Even if sh is a symlink to bash, the shell checks how it has been invoked and acts accordingly. You can think of it as a way to run bash in compatibility mode. Some of the features of bash are disabled in this way.

[EDIT] Regarding the initialization scripts, the old Bourne shell used $HOME/.profile and /etc/profile only. .bashrc is not parsed by /bin/sh. [/EDIT]

Last edited by colucix; 08-27-2009 at 07:42 AM.
 
Old 08-27-2009, 07:41 AM   #3
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 747

Original Poster
Rep: Reputation: 73
I got that, but I didn't ask for "history". I need to know how to make some variables from bash to work also for sh.

For example HISTFILE in bash is readonly, but in sh it is not anymore, which is a big problem.
 
Old 08-27-2009, 08:16 AM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577
Blog Entries: 31

Rep: Reputation: 1195
Quote:
Originally Posted by robertjinx View Post
I got that, but I didn't ask for "history". I need to know how to make some variables from bash to work also for sh.

For example HISTFILE in bash is readonly, but in sh it is not anymore, which is a big problem.
What exactly are you trying to achieve? This thread feels like you have decided on a solution and are asking how to make the solution work whereas there may be better solutions.

Why are users switching from bash to sh and why do you want sh to behave the same as bash?
 
Old 08-27-2009, 08:21 AM   #5
ddaemonunics
Member
 
Registered: May 2008
Location: Romania
Distribution: Debian
Posts: 242

Rep: Reputation: 41
/bin/sh ... google says that stands for Bourne shell
/bin/bash...google says that stands for Bourne Again shell

so the "history" helps in your case

Depending on which shell is set up as your default, your user profile can be one of the following:

* .profile (for the Bourne and Korn shells)
* .bash_profile (for the Bourne Again shell)
* .login and .cshrc (for the C shell)
* .tcshrc and .cshrc (for the TC shell)
* .zlogin and .zshrc (for the Z shell)


BUT..
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.

so put all variables in .profile...and delete .bash_profile and .bash_login
maybe then sh and bash will load only from .profile
Hope it works

Last edited by ddaemonunics; 08-27-2009 at 08:33 AM.
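
As an added example (not part of any post in this thread), this script checks which per-user startup files a login shell reads when bash runs under its own name and when the same binary is started through a link named sh, before and after removing ~/.bash_profile as suggested above. The scratch HOME, the marker file loaded.log and the function names are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: which per-user startup files a *login* shell reads when the
# same bash binary is started as "bash" versus through a link named "sh".
# Everything lives in a throwaway HOME (constructed sample data).

# make_home: build a scratch HOME whose startup files each log their own name.
make_home() {
    local home f
    home=$(mktemp -d) || return 1
    for f in .profile .bash_profile .bashrc; do
        printf 'echo %s >> "$HOME/loaded.log"\n' "$f" > "$home/$f"
    done
    ln -s "$(command -v bash)" "$home/sh"   # stand-in for /bin/sh -> bash
    printf '%s\n' "$home"
}

# loaded_by HOME SHELL: start SHELL as a login shell with a clean environment
# and print the startup files from HOME that it actually read.
loaded_by() {
    local home=$1 shell=$2
    rm -f "$home/loaded.log"
    env -i HOME="$home" PATH="$PATH" "$shell" -l -c : </dev/null >/dev/null 2>&1
    [ -f "$home/loaded.log" ] && tr '\n' ' ' < "$home/loaded.log" | sed 's/ $//'
    return 0
}

demo() {
    local home
    home=$(make_home) || return 1
    echo "bash login, .bash_profile present: $(loaded_by "$home" "$(command -v bash)")"
    echo "sh   login, .bash_profile present: $(loaded_by "$home" "$home/sh")"
    rm -f "$home/.bash_profile"
    echo "bash login, .bash_profile removed: $(loaded_by "$home" "$(command -v bash)")"
    echo "sh   login, .bash_profile removed: $(loaded_by "$home" "$home/sh")"
    rm -rf "$home"
}

demo
```

When bash is started interactively as sh without being a login shell, it reads only the file named by the ENV variable, so none of the three files above apply to a user who simply types sh in an existing session.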
 
Old 08-27-2009, 08:28 AM   #6
robertjinx
Member
 
Registered: Oct 2007
Location: Prague, CZ
Distribution: RedHat / CentOS / Ubuntu / SUSE / Debian
Posts: 747

Original Poster
Rep: Reputation: 73
OK! Again, my users' default shell is bash, this doesn't mean they can't use "sh", but the problem is that they can remove the history. For example I set for bash HISTFILE and HISTSIZE to readonly, this means they can't do:

unset HISTFILE

but, if they switch to "sh" then unset HISTFILE works, as it doesn't read the same "setup" file like bash.

Usually bash uses /etc/profile /etc/bash.bashrc ~/.bashrc ~/.bash_profile and ~/.profile, but it seems "sh" doesn't, which gives the users the possibility to hide what he/she is doing, as I can't stay on the server 24/7 to make sure they don't use exploits and so on.

So I need a way to log what a user is doing even if he/she is switching to "sh".

I've done this for bash and was simple, but "sh" gives me problems.
 
Old 08-27-2009, 08:58 AM   #7
ddaemonunics
Member
 
Registered: May 2008
Location: Romania
Distribution: Debian
Posts: 242

Rep: Reputation: 41
In this situation...if I make a script and put there some commands...and then execute the script ..and then delete the script ..the bash history..shows the script name..not the executed commands.
Maybe you should take a look at acct.
http://www.linuxjournal.com/article/6144

But sorry for not giving an exact solution to your problem.
 
Old 08-27-2009, 09:03 AM   #8
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
By the way, your solution to logging commands doesn't work for bash anyway...
Code:
[root@atlas ~]# su - malicious
[malicious@atlas ~]$ tail -n 1 .bash_history
echo pre exploit
[malicious@atlas ~]$ echo exploit run
exploit run
[malicious@atlas ~]$ ps
  PID TTY          TIME CMD
19186 pts/0    00:00:00 bash
19231 pts/0    00:00:00 ps
[malicious@atlas ~]$ kill -9 19186
[root@atlas ~]# tail -1 ~malicious/.bash_history
echo pre exploit
[root@atlas ~]#
 
Old 08-27-2009, 09:18 AM   #9
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978
Forcing sh to act as bash equals to disabling sh. You can just remove the link /bin/sh and define an alias:
Code:
alias sh='bash'
in /etc/profile or /etc/bashrc.

Last edited by colucix; 08-27-2009 at 04:00 PM. Reason: Sometimes I'd need some more coffee before posting....
 
Old 08-27-2009, 09:47 AM   #10
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577
Blog Entries: 31

Rep: Reputation: 1195
Quote:
Originally Posted by robertjinx View Post
So I need a way to log what a user is doing even if he/she is switching to "sh".
If your organisation's security policy is strict (anal?) enough to require that then can't the policy also forbid use of sh?
 
Old 08-27-2009, 09:52 AM   #11
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577
Blog Entries: 31

Rep: Reputation: 1195
Quote:
Originally Posted by colucix View Post
Forcing sh to act as bash equals to disabling sh. You can just remove the link /bin/sh and define an alias:
Code:
alias sh='bash'
in /etc/profile or /etc/bashrc.
Couldn't the users get around that by running \sh or /bin/sh? Better to remove /bin/sh ... imagine the breakage that would cause! Best way to get a secure system though -- keep the users off it ... but, wait a minute, who's watching the sysadmins?! Based on extensive personal experience I'd trust the users way more than myself, any day!
 
Old 08-27-2009, 09:55 AM   #12
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577
Blog Entries: 31

Rep: Reputation: 1195
I think the problem here is trying to use shell history as a security audit tool and it's not designed for that; it's designed as a command line convenience and so there are too many ways to get around it. Maybe better to ask if there are any good security audit tools ...
 
Old 08-27-2009, 03:58 PM   #13
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978
Quote:
Originally Posted by catkin View Post
Couldn't the users get around that by running \sh or /bin/sh? Better to remove /bin/sh ... imagine the breakage that would cause!
Nope, if you don't have the sh link anymore! But I agree... if you remove the link there is a chance some system script still uses #!/bin/sh and it would cause damage. Sorry and... @robertjinx please disregard my previous post: I leave it there just for teaching purposes... about what never to do on your system... he he!
 
Old 08-27-2009, 04:01 PM   #14
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978
Quote:
Originally Posted by catkin View Post
I think the problem here is trying to use shell history as a security audit tool and it's not designed for that; it's designed as a command line convenience and so there are too many ways to get around it. Maybe better to ask if there are any good security audit tools ...
Totally agree. Also note that such a question has been asked many times here at LQ. A brief search should give all the needed answers.
 
  


All times are GMT -5. The time now is 10:18 PM.