Thanks n Regards,
zix
It sounds like you are trying to reinvent su or sudo.
It really sounds like a pretty useful combination of the two: an su (so
it behaves like a shell) with only a restricted set of privileged
operations available (like a carefully managed sudo).
bash has a "restricted mode" that works sort of like this. From bash(1):
RESTRICTED SHELL
If bash is started with the name rbash, or the -r option is supplied at
invocation, the shell becomes restricted. A restricted shell is used
to set up an environment more controlled than the standard shell. It
behaves identically to bash with the exception that the following are
disallowed or not performed:
o changing directories with cd
o setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
o specifying command names containing /
o specifying a file name containing a / as an argument to the .
builtin command
o Specifying a filename containing a slash as an argument to the
-p option to the hash builtin command
o importing function definitions from the shell environment at
startup
o parsing the value of SHELLOPTS from the shell environment at
startup
o redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
o using the exec builtin command to replace the shell with another
command
o adding or deleting builtin commands with the -f and -d options
to the enable builtin command
o Using the enable builtin command to enable disabled shell
builtins
o specifying the -p option to the command builtin command
o turning off restricted mode with set +r or set +o restricted.
These restrictions are enforced after any startup files are read.
When a command that is found to be a shell script is executed (see COMMAND EXECUTION above), rbash turns off any restrictions in the shell spawned to execute the script.
I don't know how much I'd rely on this for real security. I don't think
it's a feature that probably gets a lot of use, so it may have bugs or
loopholes that have not yet been discovered (except possibly by bad
guys).
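To make the rbash description above concrete from the administrator's side, here is an added example (my own code, not something from the thread or from the bash project) that builds the allow-list directory rbash is normally started with. Since restricted mode forbids changing PATH and forbids command names containing /, whatever directory is in PATH when rbash starts is the whole external command set the user gets. The script also refuses to link shell scripts, because, as the man page excerpt says, rbash drops its restrictions in the shell spawned to run a script, and it launches with --noprofile --norc because the restrictions are only enforced after startup files are read. The function names (resolve_cmd, is_script, make_restricted_bin, launch_restricted) are mine; it assumes bash is installed and that head supports -c.

```shell
#!/bin/sh
# Added example, not from the thread: build a PATH directory for rbash that
# contains only the commands a "privileged mode" user is allowed to run.

# resolve_cmd NAME: print the absolute path of NAME found on PATH.
# Walks PATH by hand so shell builtins (true, cd, ...) are never matched.
resolve_cmd() {
    _oldifs=$IFS; IFS=:
    for _d in $PATH; do
        if [ -n "$_d" ] && [ -f "$_d/$1" ] && [ -x "$_d/$1" ]; then
            IFS=$_oldifs
            printf '%s\n' "$_d/$1"
            return 0
        fi
    done
    IFS=$_oldifs
    return 1
}

# is_script FILE: true when FILE starts with "#!". bash(1) says rbash turns
# its restrictions off in the shell spawned to run a script, so a script on
# the allow-list must be reviewed as if it ran with no restrictions at all.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# make_restricted_bin DIR CMD...: create DIR (mode 0755, so the restricted
# user cannot add entries) holding one symlink per allowed command.
# Returns 1 if any command is missing or is a script; no link is made for it.
make_restricted_bin() {
    _dir=$1; shift
    mkdir -p "$_dir" && chmod 755 "$_dir" || return 1
    _rc=0
    for _c in "$@"; do
        if ! _target=$(resolve_cmd "$_c"); then
            echo "not found on PATH: $_c" >&2; _rc=1; continue
        fi
        if is_script "$_target"; then
            echo "refusing to allow-list a script: $_target" >&2; _rc=1; continue
        fi
        ln -sf "$_target" "$_dir/$_c" || _rc=1
    done
    return $_rc
}

# launch_restricted DIR: start an interactive rbash (bash -r is the same
# thing per bash(1)) whose PATH is only DIR. Startup files are skipped
# because the restrictions are enforced only after they have been read.
# Interactive, so the test below does not call it.
launch_restricted() {
    _bash=$(resolve_cmd bash) || return 1
    PATH=$1
    export PATH
    exec "$_bash" -r --noprofile --norc
}
```

Usage: `make_restricted_bin /usr/local/rbin df uptime && launch_restricted /usr/local/rbin`. The directory and the link targets must not be writable by the restricted user, otherwise the allow-list is only advisory.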
> Joe Pfeiffer <pfei...@cs.nmsu.edu> writes:
>
>> Bill Marcum <marcu...@bellsouth.net> writes:
>>
>>> On 2009-06-15, zix <zix...@gmail.com> wrote:
>>>>
>>>>
>>>> Hi,
>>>> I need to implement a sub shell. Let's call this privilege mode,
>>>> where a user will be allowed to enter a set of commands which he can
>>>> only enter in privileged mode. The privileged mode can be entered
>>>> via a conventional login/password prompt from the bash shell. Let's for
>>>> example say I wanted the df command to be executed from
>>>> privileged mode. Any idea on how to approach this will be appreciated.
>>>> Are there any open source projects like this developed somewhere? Any
>>>> idea will be of great help.
>>>>
>>>> Thanks n Regards,
>>>> zix
>>>
>>> It sounds like you are trying to reinvent su or sudo.
>>
>> It really sounds like a pretty useful combination of the two: an su (so
>> it behaves like a shell) with only a restricted set of privileged
>> operations available (like a carefully managed sudo).
>
> bash has a "restricted mode" that works sort of like this. From bash(1):
<snip actual description>
That's not what I understood the original poster to be asking for --
that's a more restricted shell than normal. My impression is that he's
looking for a shell that gives all the normal capabilities, plus the
ability to run a managed set of extra commands that would normally
require root.
Is there any way other than writing an entire CLI component?
I thought about several things. Let's say I block every program in
the beginning, then write a script for whenever the user types pri, in which I
will take the password and make the user give the command in my shell
rather than the bash shell directly. Then I will write a mini parser
to parse that, and then call the bash shell command.
The problem over here is that I have to block every goddamn possible
command in the beginning. Any easier way to implement this?
Regards,
zix
At least two, actually, and they are called 'su' and 'newgrp':
Assuming that you don't want to restrict access to shell builtins,
the shell should by default run with an unprivileged uid, and this
particular user shouldn't be able to execute 'important commands',
because these would have suitable UNIX(*)-permissions preventing that,
i.e. belong to another user and possibly to a group the default user
doesn't belong to, and have a mode of either 0700 or 0750. Executing
any of these would then require either changing to a suitable uid or
gid. Both 'users' and 'groups' can have a password associated with
them.
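As an added example (my own code, not from the thread), here is a small audit for the permission model just described: every 'important command' should be owned by a privileged user or group with mode 0700 or 0750, so that the default unprivileged uid can neither run nor modify it without going through su or newgrp. A world-executable or group-writable file in that directory silently breaks the model. The function names (perm_bits, audit_priv_cmd, audit_priv_dir) are mine; mode strings are read from ls -l rather than stat so the script works with both GNU and BSD userland.

```shell
#!/bin/sh
# Added example, not from the thread: check that a directory of privileged
# commands really is reachable only via su/newgrp (modes 0700 or 0750).

# perm_bits FILE: print the 10-character mode string, e.g. -rwxr-x---.
# -L follows symlinks so a link to the real command is judged by its target.
perm_bits() {
    ls -ldL "$1" | cut -c1-10
}

# audit_priv_cmd FILE: return 0 if FILE is executable by its owner, carries
# no permission bits for "other", and is not group-writable. Each violation
# is reported on stderr and makes the function return 1.
audit_priv_cmd() {
    _f=$1
    _m=$(perm_bits "$_f") || return 1
    _rc=0
    # Characters 8-10 are the "other" bits: any of them set means the
    # default unprivileged uid can run, read or replace the command.
    case "$(printf '%s' "$_m" | cut -c8-10)" in
        ---) ;;
        *) echo "$_f: accessible by others ($_m)" >&2; _rc=1 ;;
    esac
    # Character 6 is group-write: a group member could rewrite the command.
    case "$(printf '%s' "$_m" | cut -c6)" in
        w) echo "$_f: group-writable ($_m)" >&2; _rc=1 ;;
    esac
    # Character 4 is owner-execute ('s' when setuid is also set).
    case "$(printf '%s' "$_m" | cut -c4)" in
        x|s) ;;
        *) echo "$_f: not executable by owner ($_m)" >&2; _rc=1 ;;
    esac
    return $_rc
}

# audit_priv_dir DIR: audit every regular file in DIR; 0 only if all pass.
audit_priv_dir() {
    _rc=0
    for _p in "$1"/*; do
        [ -f "$_p" ] || continue
        audit_priv_cmd "$_p" || _rc=1
    done
    return $_rc
}
```

Usage: `audit_priv_dir /usr/local/priv-bin || echo "fix permissions before relying on su/newgrp"`. The audit checks modes only; ownership (that the files belong to the privileged user or group and not to the default user) still has to be verified with ls -l or find -user.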
sudo cmd
to run cmd. The first time you use it you have to give your password;
it then remembers the password so you don't have to enter it again
(unless you go five minutes without using sudo).
Well, we want to go for a new mode for this: let's say we have to
execute some script which we want to restrict from the normal users.
So when we enter this mode, we can run this script; it's not possible
to affix a sudo prefix to each command in the script.
I am evaluating if this newgrp will suffice for our use. I will let
you know. I am also evaluating schroot. Any idea how it works?
Thanks everybody,
zix