On May 20, 2005, at 10:57 AM, Hall, Ken (IDS DCS PE) wrote:
...which pretty much blows out the "restricted shell" idea. I vaguely recall when I first used it on real UNIX, it DID let you cd BELOW your home directory, but the current incarnation in bash doesn't let you cd at ALL. You can MAKE subdirectories, but you can't access them. Weird. You also lose the ability to redirect output via ">", "<", and pipe. Even more curious, the manual says you can't specify file paths containing an initial /, but I WAS able to cat /etc/passwd from a restricted shell. I guess they really mean PROGRAM paths.
The ability to "ls" implies the ability to read /etc/passwd. /etc/passwd must be a publically accessible file in order to allow uid->username mappings. This is why if you want to hide passwords, you should go to shadow passwords, which live in /etc/shadow, which does not have to be world-readable. Or better yet, go to some sitewide secure authentication mechanism that doesn't depend on good old Unix single-factor authentication. Adam ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
