[kwlug-disc] Setting shell to a script

Jason Eckert jason.eckert at gmail.com
Wed Sep 4 17:54:55 EDT 2019


Have you tried using /sbin/nologin instead of /bin/false?

On Wed, Sep 4, 2019 at 5:37 PM Paul Nijjar via kwlug-disc <
kwlug-disc at kwlug.org> wrote:

> My websearching skills are failing me on this, so I will ask you smart
> people.
>
> I have an account that is kind of a service account (humans will not
> log into that account) but will be used for rsync via ssh. For
> security I would prefer that this account be locked down.
>
> I had set the shell of the user to /bin/false, but then ssh does not
> work.
>
> I am using a whitelist script I documented here:
> http://pnijjar.freeshell.org/2015/lock-rsync/
>
> Now I am wondering if there is more I can do to lock down the account.
> Setting the shell to /bin/rbash is not helpful unless I lock down a
> bunch of other things. There is an rssh shell that I have read about,
> but I have not tried it yet.
>
> One thing I am considering is actually setting the shell for the user
> to my whitelist script, which is a python executable. Is this a
> promising idea or a terrible one?
>
> - Paul
>
> --
> Get tech event listings: https://off-topic.kwlug.org/watcamp
> Blog: http://pnijjar.freeshell.org
>
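
The login-shell idea asked about in the quoted message, as an added example that is not part of either post and is not the whitelist script linked above. It shows the detail that changes when a script stops being a forced command and becomes the shell: sshd passes the request as `-c '<command>'` instead of in `SSH_ORIGINAL_COMMAND`. `ALLOWED_ROOT`, the rsync path and the function names are assumptions, and only the request's shape and path are checked (an option allow-list is site-specific and left out).

```python
#!/usr/bin/env python3
import os
import shlex
import sys

ALLOWED_ROOT = "/srv/backup"  # assumption: the only tree this account may touch
RSYNC = "/usr/bin/rsync"      # assumption: rsync binary location on the server


def requested_command(argv, environ):
    """Return the command string the client asked for, or None.

    As a login shell, sshd runs `<shell> -c '<command>'`. As a forced command
    (command="..." in authorized_keys) the request is in SSH_ORIGINAL_COMMAND.
    An interactive login supplies neither, so it is refused.
    """
    if len(argv) == 3 and argv[1] == "-c":
        return argv[2]
    return environ.get("SSH_ORIGINAL_COMMAND")


def validate(command):
    """Return an argv list safe to exec, or None if the request is refused."""
    try:
        args = shlex.split(command or "")
    except ValueError:  # unbalanced quotes
        return None
    if len(args) < 4 or args[:2] != ["rsync", "--server"]:
        return None
    # Server-mode requests end with ". <path>"; everything before is options.
    *opts, dot, path = args[2:]
    if dot != "." or not all(o.startswith("-") for o in opts):
        return None
    # Refuse relative paths and any ".." component; symlinks are not resolved.
    if not os.path.isabs(path) or ".." in path.split("/"):
        return None
    if os.path.commonpath([ALLOWED_ROOT, os.path.normpath(path)]) != ALLOWED_ROOT:
        return None
    return args


def main():
    argv = validate(requested_command(sys.argv, os.environ))
    if argv is None:
        sys.stderr.write("refused: only rsync under %s is allowed\n" % ALLOWED_ROOT)
        return 1
    os.execv(RSYNC, argv)  # direct exec, no shell: metacharacters stay inert


if __name__ == "__main__":
    sys.exit(main())
```
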

