[kwlug-disc] Setting shell to a script
Paul Nijjar
paul_nijjar at yahoo.ca
Wed Sep 4 17:37:02 EDT 2019

My web searching skills are failing me on this, so I will ask you smart
people.

I have an account that is kind of a service account (humans will not
log into that account) but will be used for rsync via ssh. For
security I would prefer that this account be locked down.

I had set the shell of the user to /bin/false, but then ssh does not
work.

I am using a whitelist script I documented here:
http://pnijjar.freeshell.org/2015/lock-rsync/

Now I am wondering if there is more I can do to lock down the account.
Setting the shell to /bin/rbash is not helpful unless I lock down a
bunch of other things. There is an rssh shell that I have read about,
but I have not tried it yet.

One thing I am considering is actually setting the shell for the user
to my whitelist script, which is a Python executable. Is this a
promising idea or a terrible one?

- Paul
--
Get tech event listings: https://off-topic.kwlug.org/watcamp
Blog: http://pnijjar.freeshell.org
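
The following is an added example, not part of the original post and not the script from the linked page. It sketches a whitelist program that works both as an authorized_keys forced command and as the account's login shell, since sshd passes the client's request differently in each case. ALLOWED_ROOT, the rsync path, and the function names are assumptions made for illustration.

```python
import os
import re
import shlex
import sys

ALLOWED_ROOT = "/srv/backup"   # assumption: the only tree this account may sync
RSYNC = "/usr/bin/rsync"       # assumption: rsync's location on the server
SHORT_FLAGS = re.compile(r"-[A-Za-z.]+")


def requested_command(argv, environ):
    """Return the command string the client asked for, or None."""
    # As the account's login shell, sshd runs: <script> -c '<command>'
    if len(argv) == 3 and argv[1] == "-c":
        return argv[2]
    # As an authorized_keys command="..." entry, sshd sets this variable
    return environ.get("SSH_ORIGINAL_COMMAND")


def validate(command):
    """Return the argv to exec, or None if the request is refused."""
    try:
        args = shlex.split(command or "")
    except ValueError:            # unbalanced quotes
        return None
    # Expected shape: rsync --server [--sender] -<flags> . <path>
    if len(args) < 5 or args[:2] != ["rsync", "--server"]:
        return None
    opts, dot, path = args[2:-2], args[-2], args[-1]
    if opts and opts[0] == "--sender":
        opts = opts[1:]
    if dot != "." or not opts or not all(SHORT_FLAGS.fullmatch(o) for o in opts):
        return None
    # Lexical check only; symlinks inside ALLOWED_ROOT are not resolved
    clean = os.path.normpath(path)
    if clean != ALLOWED_ROOT and not clean.startswith(ALLOWED_ROOT + "/"):
        return None
    return [RSYNC] + args[1:-1] + [clean]


if __name__ == "__main__":
    argv = validate(requested_command(sys.argv, os.environ))
    if argv is None:
        sys.stderr.write("refused\n")
        sys.exit(1)
    os.execv(RSYNC, argv)         # no shell: metacharacters are never interpreted
```

An interactive login supplies neither `-c` nor SSH_ORIGINAL_COMMAND, so it is refused, and long options other than `--sender` are rejected by the short-flag pattern.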