[kwlug-disc] Setting shell to a script

Paul Nijjar paul_nijjar at yahoo.ca
Wed Sep 4 17:37:02 EDT 2019


My web-searching skills are failing me on this, so I will ask you smart
people.

I have an account that is kind of a service account (humans will not
log into that account) but will be used for rsync via ssh. For
security I would prefer that this account be locked down.

I had set the shell of the user to /bin/false, but then ssh does not
work. 

I am using a whitelist script I documented here:
http://pnijjar.freeshell.org/2015/lock-rsync/

Now I am wondering if there is more I can do to lock down the account.
Setting the shell to /bin/rbash is not helpful unless I lock down a
bunch of other things. There is an rssh shell that I have read about,
but I have not tried it yet. 

One thing I am considering is actually setting the shell for the user
to my whitelist script, which is a Python executable. Is this a
promising idea or a terrible one?

- Paul

-- 
Get tech event listings: https://off-topic.kwlug.org/watcamp
Blog: http://pnijjar.freeshell.org
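
Added example (not part of the original post, and not the script linked above): a sketch of what a Python whitelist script has to handle when it is installed as the account's login shell, where sshd starts it as `<shell> -c '<command>'`, or with no arguments for an interactive login. ALLOWED_ROOT and the rsync location are assumptions, and the check accepts only the single-path form `rsync --server [options] . <path>`.

```python
#!/usr/bin/env python3
import os
import shlex
import sys

ALLOWED_ROOT = "/srv/backup"   # assumption: the one tree this account may sync
RSYNC = "/usr/bin/rsync"       # assumption: rsync location on the server


def requested_command(argv, environ):
    """Find the command the ssh client asked for.

    As a login shell, sshd starts us as `<shell> -c '<command>'`; as a
    forced command (command= in authorized_keys) the request is in
    SSH_ORIGINAL_COMMAND. With neither, it is an interactive login.
    """
    if len(argv) == 3 and argv[1] == "-c":
        return argv[2]
    return environ.get("SSH_ORIGINAL_COMMAND")


def allowed_argv(command):
    """Return the argv to exec for an acceptable `rsync --server` call, else None."""
    if not command:
        return None                      # interactive login: refuse
    try:
        args = shlex.split(command)      # tokenize without running a shell
    except ValueError:                   # unbalanced quotes
        return None
    # Expected shape: rsync --server [options...] . <path>
    if len(args) < 4 or args[:2] != ["rsync", "--server"] or args[-2] != ".":
        return None
    if not all(a.startswith("-") for a in args[2:-2]):
        return None
    path = args[-1]
    if ".." in path.split("/"):          # no climbing out of the tree
        return None
    # Symlinks inside the tree are not resolved by this check.
    if path.rstrip("/") != ALLOWED_ROOT and not path.startswith(ALLOWED_ROOT + "/"):
        return None
    return args


def main():
    args = allowed_argv(requested_command(sys.argv, os.environ))
    if args is None:
        sys.stderr.write("rejected\n")
        return 1
    os.execv(RSYNC, args)                # exec directly; metacharacters stay literal


if __name__ == "__main__":
    sys.exit(main())
```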



