[TUHS] "Webster's Second on the Head of a Pin"?
Chet Ramey via TUHS
tuhs at tuhs.org
Fri Jan 3 05:47:26 AEST 2025
On 1/2/25 1:13 PM, Rik Farrow wrote:
>
>
> On Thu, Jan 2, 2025 at 7:23 AM Chet Ramey <chet.ramey at case.edu
> <mailto:chet.ramey at case.edu>> wrote:
>
> On 1/1/25 1:11 PM, Rik Farrow wrote:
> > For example, the 3B2 I
> > administered for a while in the late 80s had multiple accounts with
> rsh,
> > the restricted shell, as the login shell. That was okay, unless you
> used su
> > and then had access to a root shell.
>
> That's an administrator problem. Part of setting up a restricted shell
> environment is creating a directory of necessary binaries and setting
> PATH appropriately.
>
> Each of these special accounts did have a home directory with a .profile to
> set up the restricted environment, then run a shell script to perform some
> task as root. For example, logging in as 'backup' would run /user/
> backup/.profile and allow a non-privileged user to run a backup script as root.
>
> But typing "su backup" produced a root-owner shell without restrictions.
> You need to type "su - " to run the account's .profile script.
OK, I thought you meant the other way, breaking out of a restricted
environment.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet at case.edu http://tiswww.cwru.edu/~chet/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20250102/39b8233c/attachment.sig>
More information about the TUHS
mailing list