Hi. On Sat, 18 Jan 2014 14:50:21 +0000 Chris Davies <[email protected]> wrote:
> Reco <[email protected]> wrote: > > Set up another user with /bin/rbash (not straight /bin/bash) as a shell. > > Set PATH in .bashrc of said user to that program. > > Unfortunately rbash has a race condition built in to its execution of > .profile by definition (it doesn't disable the interrupt signal until > after the .profile has been executed, so it becomes quite possible to > Ctrl/C during login and gain an interactive shell). You'd be better off > with rksh, which works properly. Didn't know it, thanks. > But then again, .profile can be bypassed by a non-interactive login: > > ssh remotehost mv -f .profile .p > ssh remotehost 'chattr +i .profile' should solve that issue. In fact, in OP's situtation I'd chattr'ed anything in restricted user's home. Reco -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
