3 Jan
2025
3 Jan
'25
1:47 a.m.
On 1/2/25 1:13 PM, Rik Farrow wrote:
On Thu, Jan 2, 2025 at 7:23 AM Chet Ramey <chet.ramey(a)case.edu
<mailto:chet.ramey@case.edu>> wrote:
On 1/1/25 1:11 PM, Rik Farrow wrote:
OK, I thought you meant the other way, breaking out of a restricted
environment.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet(a)case.edu http://tiswww.cwru.edu/~chet/
For example, the 3B2 I
administered for a while in the late 80s had multiple accounts with
rsh,
the restricted shell, as the login shell. That
was okay, unless you
used su
and then had access to a root shell.
That's an administrator problem. Part of setting up a restricted shell
environment is creating a directory of necessary binaries and setting
PATH appropriately.
Each of these special accounts did have a home directory with a .profile to
set up the restricted environment, then run a shell script to perform some
task as root. For example, logging in as 'backup' would run /user/
backup/.profile and allow a non-privileged user to run a backup script as root.
But typing "su backup" produced a root-owner shell without restrictions.
You need to type "su - " to run the account's .profile script.