
Rbash - a way to restrict what users can do on your Linux systems.



Rbash - limited shell


If Bash is started with the name rbash, or the --restricted or -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. A restricted shell behaves identically to bash with the exception that the following are disallowed or not performed:

  • Changing directories with the cd builtin.
  • Setting or unsetting the values of the SHELL, PATH, ENV, or BASH_ENV variables.
  • Specifying command names containing slashes.
  • Specifying a filename containing a slash as an argument to the . builtin command.
  • Specifying a filename containing a slash as an argument to the -p option to the hash builtin command.
  • Importing function definitions from the shell environment at startup.
  • Parsing the value of SHELLOPTS from the shell environment at startup.
  • Redirecting output using the ‘>’, ‘>|’, ‘<>’, ‘>&’, ‘&>’, and ‘>>’ redirection operators.
  • Using the exec builtin to replace the shell with another command.
  • Adding or deleting builtin commands with the -f and -d options to the enable builtin.
  • Using the enable builtin command to enable disabled shell builtins.
  • Specifying the -p option to the command builtin.
  • Turning off restricted mode with ‘set +r’ or ‘set +o restricted’.

These restrictions are enforced after any startup files are read.


Examples:

usermod -s /bin/rbash user
grep user /etc/passwd
user:x:1002:1002:,,,:/home/user:/bin/rbash

[user@peg ~]$ cd
bash: cd: restricted
[user@peg ~]$ ls t
t
[user@peg ~]$ cat t > test
bash: test: restricted: cannot redirect output
[user@peg ~]$ file about.sh
about.sh: POSIX shell script text executable
[user@peg ~]$ ./about.sh
bash: ./about.sh: restricted: cannot specify `/' in command names
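
The refusals shown above can be checked automatically before a restricted account is handed out. The script below is an added example, not part of the original post: it runs one probe per restriction in a throwaway `bash -r` child and reports whether each was refused. The function names `check_restricted` and `report`, the probe list and the scratch directory are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: probe a restricted bash for the refusals listed above.
# Every probe runs in a throwaway `bash -r` child inside a scratch directory,
# so nothing outside that directory is touched.

SCRATCH=$(mktemp -d)                 # constructed working area
trap 'rm -rf "$SCRATCH"' EXIT

# check_restricted CMD
# Prints "denied" when `bash -r` refuses CMD, "allowed" otherwise.
# Most refusals are reported with the word "restricted"; SHELL, PATH, ENV and
# BASH_ENV are made read-only instead, so that diagnostic counts as well.
# LC_ALL=C keeps the diagnostics in English so the match is stable.
check_restricted() {
    out=$(cd "$SCRATCH" && LC_ALL=C bash -r -c "$1" 2>&1 </dev/null) || true
    case $out in
        *restricted*|*"readonly variable"*) echo denied ;;
        *) echo allowed ;;
    esac
}

# report: run one probe per restriction and print a PASS/FAIL line for each.
# Returns non-zero if any operation that should be refused was allowed.
report() {
    rc=0
    while IFS='|' read -r label cmd; do
        result=$(check_restricted "$cmd")
        if [ "$result" = denied ]; then status=PASS; else status=FAIL; rc=1; fi
        printf '%-4s %-26s %s\n' "$status" "$label" "$cmd"
    done <<'EOF'
cd builtin|cd /
set PATH|PATH=/usr/bin
slash in command name|/bin/ls
output redirection (>)|echo data > out.txt
output redirection (>>)|echo data >> out.txt
exec builtin|exec ls
EOF
    return $rc
}

report
```

A FAIL line means the bash binary on that host did not refuse the operation, so the account should not be treated as restricted until the cause is found.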

source









