[clue-admin] User setup for "member" accounts

Collins Richey crichey at gmail.com
Tue Dec 28 21:32:39 MST 2004


On Tue, 28 Dec 2004 17:54:11 -0700, Jed S. Baer <thag at frii.com> wrote:
> On Tue, 28 Dec 2004 17:36:29 -0700
> Collins Richey wrote:
> 
> > Does anyone have suggestions about getting round this impasse? I had
> > intended to set up users with a home directory and ~/public_html for
> > their webpage, but that won't work (as far as I know) without normal
> > shell access.
> 
> Just FYI, turns out what was missing was the symlink from /bin/rbash to
> /bin/bash.
> 
> However, just doing a little reading, I see there's more to this to have
> it all work the way we want it to work (e.g. members can edit their own
> website).
> 

OK, I was a little too quick on the trigger. I was able to log in to my
'junk' account, and I'm getting a little more familiar with restricted
shell. Users cannot cd or create directories, but they can edit and
create new files under any subordinate directories we provide them,
i.e. I can vi public_html/index.html, update it, and save it. I can
also create new public_html/xxxx files and rm them. So, this should
provide members the facility for maintaining their website.

As Jed mentioned, however, this isn't a perfectly secure environment.
Users can create scripts that run bash to do things outside their home
environment. They can't run ./xxx, but they can run bash xxx to do
some unrestricted things, i.e. stuff any normal user could do.

-- 
 Collins
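
Added example, not part of the original message or the list's own setup: rbash refuses command names containing a slash and refuses changes to PATH, so `bash xxx` only works when a shell interpreter is found in one of the PATH directories the account is given. The sketch below audits a candidate PATH for that condition; the function name `audit_restricted_path` and the list of shell names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report any shell interpreter an rbash account could
# start by bare name from the PATH it is given.
# SHELL_NAMES is an assumed list; extend it to match the shells installed
# on the host (for instance the basenames listed in /etc/shells).
SHELL_NAMES="sh bash dash ksh zsh csh tcsh"

# audit_restricted_path PATH_STRING
# Prints one line per reachable shell.
# Returns 0 when no shell is reachable, 1 when at least one is.
audit_restricted_path() {
    found=0
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        IFS=$old_ifs
        # Skip empty entries and directories that do not exist.
        [ -d "$dir" ] || continue
        for name in $SHELL_NAMES; do
            # An executable regular file (or symlink to one) by this name
            # can be run from rbash without typing a slash.
            if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
                echo "reachable shell: $dir/$name"
                found=1
            fi
        done
    done
    IFS=$old_ifs
    return $found
}

# Stand-alone use: pass the PATH intended for the member accounts.
if [ "$#" -gt 0 ]; then
    audit_restricted_path "$1" || echo "PATH exposes an unrestricted shell"
fi
```

A PATH that passes this check typically points at a dedicated directory holding only the commands members need, rather than at /bin or /usr/bin.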


