Christopher Swingley wrote: <snip>
This is what I've done when I wanted to reduce the set of commands a user could run. I'm sure a reasonably competant Unix user could easily circumvent these restrictions, but it's a good first start, and making such attempts would result in account suspension.
Change their shell to /bin/rbash in /etc/passwd:
bbonds:x:50539:50539:Barry Bonds,,,:/home/bbonds:/bin/rbash
Change the ownership and permissions on their .bash_profile and .bashrc to root:root 644:
-rw-r--r-- 1 root root 420 Sep 21 13:05 .bash_profile -rw-r--r-- 1 root root 746 Sep 21 13:05 .bashrc
<snip>
You should also add the sticky bit to their directory (chmod +t) to prevent them from replacing these files.
Ben.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
