Pressing Ctrl-C to close their shell would just disconnect the user. They cannot remain connected with their shell closed.<br><br>Bad codding in the custom menu program could fork an unprotected TTY shell but that is not a flaw in the re-assigning of the shell in the /etc/passwd file.<br>
<br>A root jail is a good idea. I use a rootjail as the shell for restricted scp access to my server using the files like so. <br><br>--- /etc/passwd ---<br>...<br>user001:x:2062:1000::/jails/myvhosteddomain/scpdirectory:/usr/sbin/jailme<br>
--- /etc/passwd ---<br>
<br>
<br>
--- /usr/sbin/jailme ---<br>#!/bin/bash<br>MY_ID=`id -u`<br>if [ $MY_ID -ne 0 ]; then<br> exec sudo /usr/sbin/jailme $HOME<br>fi<br>if [ -d "$1" ]; then<br> chroot "$1" /bin/sh <br>fi<br>--- /usr/sbin/jailme ---<br>
<br><br><br>--- /etc/sudoers ---<br>...<br>%prisoners ALL=NOPASSWD:/usr/sbin/jailme<br>
--- /etc/sudoers ---<br>
<br><br>--- /etc/group ---<br>...<br>prisoners:x:1000:<br>
--- /etc/group ---<br>
<br><br><div class="gmail_quote">On Fri, Nov 28, 2008 at 9:35 AM, Peter Van den Wildenbergh <span dir="ltr"><<a href="mailto:peter@meta-logica.com">peter@meta-logica.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Royce Souther wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Why not just set their shell in the /etc/passwd file to be a wrapper script for the text program you want them to run.<br>
<br>
<br>
guest:x:1005:1005::/home/guest:/usr/local/bin/CustomMenu.bsh<br>
<br>
<br>
/usr/local/bin/CustomMenu.bsh<br>
#!/bin/bash<br>
<br>
/usr/bin/somettyncursesprogram opt1 opt2 opt3...optN<br>
<br>
</blockquote></div>
Depending on the application this will work but pressing CTRL-C or something simular might give access to a wide open system.<br>
Chroot'ing (Jailing) the users might help in this case.<br>
<br>
You can shield things if you chroot them to the same directory by group (dir has to contain 'ALL' the commands needed)<br>
<br>
I've done a couple of these things before, I usually start with something like this <a href="http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/" target="_blank">http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/</a><br>
<font color="#888888">
<br>
Peter</font><div><div></div><div class="Wj3C7c"><br>
<br>
_______________________________________________<br>
clug-talk mailing list<br>
<a href="mailto:clug-talk@clug.ca" target="_blank">clug-talk@clug.ca</a><br>
<a href="http://clug.ca/mailman/listinfo/clug-talk_clug.ca" target="_blank">http://clug.ca/mailman/listinfo/clug-talk_clug.ca</a><br>
Mailing List Guidelines (<a href="http://clug.ca/ml_guidelines.php" target="_blank">http://clug.ca/ml_guidelines.php</a>)<br>
**Please remove these lines when replying<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.Radados.org">http://www.Radados.org</a><br>