On Thu, Jan 12, 2012 at 12:26 PM, Chris Davies <chris-use...@roaima.co.uk> wrote:
> Davit Avsharyan <avshar...@gmail.com> wrote:
>> 1/ I'm wondering why most of the system users have valid shells by
>> default ?
>> /cat /etc/passwd | grep -E '(sh|bash)' | wc -l
>> *21*/
>
> That's not necessarily sufficient to determine valid shells: the absence
> of a shell definition implies the use of /bin/sh, so you need to check
> that, too.
>
> Something like this should probably give you a definitive list -
>
> SS=$(grep '^/' /etc/shells | xargs)
> for S in $SS ''; do
>     getent passwd | awk -F: -v S="$S" '{if ($7 == S) print $1, $7}'
> done
>
> Chris

Why filter to those in /etc/shells? I mean... the filter should be
applied by the system :)

getent passwd | awk -F: '{print $1, $7}' | column -t

But neither of the two snippets takes into account whether there is sudo
on the system, and what is gained in its config. Also, neither of them
considers ForceCommand in ssh... So I may be listed as /bin/bash, but I
may only be able to run /usr/bin/cal once as my shell and get kicked.

root@infinity:~ # adduser deleteme
Adding user `deleteme' ...
Adding new group `deleteme' (1002) ...
Adding new user `deleteme' (1002) with group `deleteme' ...
Creating home directory `/home/deleteme' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for deleteme
Enter the new value, or press ENTER for the default
	Full Name []:
	Room Number []:
	Work Phone []:
	Home Phone []:
	Other []:
Is the information correct? [Y/n] y
root@infinity:~ # printf -- "Match User %s\n\tForceCommand %s\n" 'deleteme' '/usr/bin/cal' >> /etc/ssh/sshd_config
root@infinity:~ # /etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.
root@infinity:~ # su - deleteme
deleteme@infinity:~$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is f5:7f:f7:bf:e5:43:33:03:b9:9a:71:e5:cf:6f:80:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
deleteme@localhost's password:
    January 2012
Su Mo Tu We Th Fr Sa
 1  2  3  4  5  6  7
 8  9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31

Connection to localhost closed.
deleteme@infinity:~$ logout
root@infinity:~ # getent passwd | awk -F: '/deleteme/{print $1, $7}'
deleteme /bin/bash
root@infinity:~ #

--
Iñigo

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/cakdtd8sr3pw5vgwzo2jqckywkotuh8mu-f+qnlwvbthj92w...@mail.gmail.com
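
The point raised in the reply above, as an added example that is not part of the original thread: an account audit that puts the passwd shell field (empty meaning /bin/sh), /etc/shells membership and any sshd ForceCommand side by side. The function names, the sample accounts other than deleteme and the file contents are constructed; only literal `Match User` blocks are parsed, and sudo rules are not examined.

```shell
#!/bin/sh
# Added example; audit_logins and make_sample are hypothetical names.
# audit_logins PASSWD SHELLS SSHD_CONFIG
# Prints one line per account: user, effective shell,
# listed|unlisted (in SHELLS), ForceCommand or "-".
audit_logins() {
    awk -F: '
    # File 1: /etc/shells format; keep absolute paths only.
    FILENAME == ARGV[1] { if ($0 ~ /^\//) valid[$0] = 1; next }
    # File 2: sshd_config; track "Match User a,b" blocks (literal names only).
    FILENAME == ARGV[2] {
        line = $0; sub(/^[ \t]+/, "", line)
        n = split(line, w, /[ \t]+/)
        kw = tolower(w[1])                     # keywords are case-insensitive
        if (kw == "match") {
            nu = 0                             # other Match criteria: not attributed
            if (n == 3 && tolower(w[2]) == "user") nu = split(w[3], users, ",")
        } else if (kw == "forcecommand") {
            cmd = line; sub(/^[^ \t]+[ \t]+/, "", cmd)
            for (i = 1; i <= nu; i++)          # first matching block wins
                if (!(users[i] in force)) force[users[i]] = cmd
        }
        next
    }
    # File 3: passwd format; an empty shell field means /bin/sh.
    {
        sh = ($7 == "" ? "/bin/sh" : $7)
        printf "%s %s %s %s\n", $1, sh, \
            ((sh in valid) ? "listed" : "unlisted"), \
            (($1 in force) ? force[$1] : "-")
    }' "$2" "$3" "$1"
}

# Constructed sample files, written into directory $1.
make_sample() {
    printf '%s\n' '# /etc/shells' /bin/sh /bin/bash > "$1/shells"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'legacy:x:999:999::/home/legacy:' \
        'deleteme:x:1002:1002:,,,:/home/deleteme:/bin/bash' > "$1/passwd"
    printf 'PermitRootLogin no\nMatch User deleteme\n\tForceCommand /usr/bin/cal\n' \
        > "$1/sshd_config"
}

d=$(mktemp -d) && make_sample "$d" &&
    audit_logins "$d/passwd" "$d/shells" "$d/sshd_config"
rm -rf "$d"
```

On a live host, `sshd -T -C user=NAME` prints the effective settings for a given user, which covers Match criteria this example does not parse.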