[clug-talk] Secure menu shell?

Peter Van den Wildenbergh peter at meta-logica.com
Fri Nov 28 08:35:00 PST 2008


Royce Souther wrote:
> Why not just set their shell in the /etc/passwd file to be a wrapper 
> script for the text program you want them to run.
>
>
> guest:x:1005:1005::/home/guest:/usr/local/bin/CustomMenu.bsh
>
>
> /usr/local/bin/CustomMenu.bsh
> #!/bin/bash
>
> /usr/bin/somettyncursesprogram opt1 opt2 opt3...optN
>
Depending on the application this will work but pressing CTRL-C or 
something simular might give access to a wide open system.
Chroot'ing (Jailing) the users might help in this case.

You can shield things if you chroot them to the same directory by group 
(dir has to contain 'ALL' the commands needed)

I've done a couple of these things before, I usually start with 
something like this 
http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/

Peter



More information about the clug-talk mailing list