bash script interruption

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

  I'm building restricted environment with rbash as
  shell. Now, I want restricted user to be able to only run binaries
  from /usr/local/rbin. So I set such line in his .bash_profile:

  He gets this PATH set, he can run only these binaries, and
  everything is fine. But what i'm woried is: can he interrupt
  executing this .bash_profile script by any means, say by sending
  CTRL+C (SIGINT) signal? Because if he could, he would get a default
  PATH that's not "/usr/local/rbin".

  I've checked one thing, i.e I set .bash_profile file as folows:

  echo "hello restricted user"
  sleep 5
  echo "sleep finished"

  When user logs in, he sees hello text, now if he press CTRL+C
  (during 'sleep'), he wont get "sleep finished", he wont have PATH
  set either.

  So you see what my wondering is about. Can the same be done with the
  first script (only PATH)?

  Thanks for all responses.

If you want to contact me via e-mail, remove NOSPAM before '@'.
Best regards

Re: bash script interruption

try set PATH before any other commands.

  echo "hello restricted user"
  sleep 5
  echo "sleep finished"

Re: bash script interruption

Also note that the user can still run commands by giving the full
path. (/bin/ls ~)

Re: bash script interruption

On 19 May 2007 21:55:07 -0700, mmiikkee13
Quoted text here. Click to load it
Not in a restricted shell.

The giraffe you thought you offended last week is willing to be nuzzled today.

Re: bash script interruption

Quoted text here. Click to load it

Not in rbash. Sigh.

Re: bash script interruption

| Also note that the user can still run commands by giving the full
| path. (/bin/ls ~)

Actually, no they can't.

From the bash man page:

    If bash is started with the name rbash, or the -r option is
    supplied at invocation, the shell becomes restricted.
    A restricted shell is used to set up an environment more
    controlled than the standard shell. It behaves identically
    to bash with the exception that the following are disallowed
    or not performed:

    *   changing directories with cd

    *   setting or unsetting the values of SHELL, PATH, ENV, or

    *   specifying command names containing /

    *   specifying a file name containing a / as an argument to
        the . builtin command

    *   Specifying a filename containing a slash as an argument to
        the -p option to the hash builtin command

    *   importing function definitions from the shell environment
        at startup

    *   parsing the value of SHELLOPTS from the shell environment
        at startup

    *   redirecting output using the >, >|, <>, >&, &>, and >>
        redirection operators

    *   using the exec builtin command to replace the shell with
        another command

    *   adding or deleting builtin commands with the -f and -d
        options to the
        enable builtin command

    *   Using the enable builtin command to enable disabled shell

    *   specifying the -p option to the command builtin command

    *   turning off restricted mode with set +r or set +o

    These restrictions are enforced after any startup files are read.

    When a command that is found to be a shell script is executed
    (see COMMAND EXECUTION above), rbash turns off any restrictions
    in the shell spawned to execute the script.

Reverend Paul Colquhoun, ULC.
   Asking for technical help in newsgroups? Read this first:

Site Timeline