
Rbash - a way to restrict what users can do on your Linux systems.



Rbash - limited shell


If Bash is started with the name rbash, or the --restricted or -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. A restricted shell behaves identically to bash with the exception that the following are disallowed or not performed:

  • Changing directories with the cd builtin.
  • Setting or unsetting the values of the SHELL, PATH, ENV, or BASH_ENV variables.
  • Specifying command names containing slashes.
  • Specifying a filename containing a slash as an argument to the . builtin command.
  • Specifying a filename containing a slash as an argument to the -p option to the hash builtin command.
  • Importing function definitions from the shell environment at startup.
  • Parsing the value of SHELLOPTS from the shell environment at startup.
  • Redirecting output using the ‘>’, ‘>|’, ‘<>’, ‘>&’, ‘&>’, and ‘>>’ redirection operators.
  • Using the exec builtin to replace the shell with another command.
  • Adding or deleting builtin commands with the -f and -d options to the enable builtin.
  • Using the enable builtin command to enable disabled shell builtins.
  • Specifying the -p option to the command builtin.
  • Turning off restricted mode with ‘set +r’ or ‘set +o restricted’.

These restrictions are enforced after any startup files are read.


Examples:

usermod -s /bin/rbash user
grep user /etc/passwd
user:x:1002:1002:,,,:/home/user:/bin/rbash

[user@peg ~]$ cd

bash: cd: restricted

[user@peg ~]$ ls t
t
[user@peg ~]$ cat t > test

bash: test: restricted: cannot redirect output

[user@peg ~]$ file about.sh
about.sh: POSIX shell script text executable
[user@peg ~]$ ./about.sh

bash: ./about.sh: restricted: cannot specify `/' in command names
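
The checks from the session above can be scripted so they can be re-run after a bash upgrade or on a new host. This is an added example, not part of the original post: it runs each probe once in plain bash as a control and once under `bash -r`, and reports any restriction that is not enforced. It assumes `bash` and `mktemp` are on PATH; the probe labels and the file names `probe.sh` and `out.txt` are constructed for the example.

```shell
#!/bin/sh
# Added example: confirm that the local bash enforces restricted mode.
# Probe labels and the temporary files are constructed for this example.

# run_probe MODE CMD: run CMD in bash (MODE is "" or "-r") from inside $WORK.
# stdin is /dev/null so a probe can never consume the probe list below.
run_probe() {
    ( cd "$WORK" && bash $1 -c "$2" ) </dev/null >/dev/null 2>&1
}

# audit_restrictions: every probe must succeed in plain bash (the control)
# and fail under "bash -r". Prints one line per probe and returns 0 only if
# all probes behave that way.
audit_restrictions() {
    WORK=$(mktemp -d) || return 2
    echo ':' > "$WORK/probe.sh"      # harmless file for the "." probe
    bad=0
    while IFS='|' read -r label cmd; do
        if ! run_probe "" "$cmd"; then
            echo "SKIP   $label (fails even without -r)"; bad=$((bad + 1))
        elif run_probe -r "$cmd"; then
            echo "ALLOW  $label (restriction NOT enforced)"; bad=$((bad + 1))
        else
            echo "DENY   $label"
        fi
    done <<'EOF'
cd builtin|cd /
assign PATH|PATH=/bin
slash in command name|/bin/sh -c :
slash in . argument|. ./probe.sh
output redirection|echo x > out.txt
exec builtin|exec true
command -p|command -p true
set +r|set +r
EOF
    rm -rf "$WORK"
    [ "$bad" -eq 0 ]
}

audit_restrictions
```

The probes run non-interactively with `-c`, so no startup files are read; the restrictions that apply to an account with `/bin/rbash` as its login shell also depend on what its startup files do before the restrictions take effect.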

source









