Welcome to the Linux Foundation Forum!

33.12: Could use some explanation of WHY linking rbash to bash works

Section 33.12, "Restricted Accounts" mentions that if you want to set someone's shell to "bash -r", but you can't use command-line args to the shell in /etc/passwd, you should create a symlink, hardlink, or physical copy of "/bin/bash" to "/bin/rbash", and use that instead.

That's all it says about it.

A reasonable person might ask at this point "uh, how does that work exactly"?

As I technically have no idea how running it as "rbash" instead of "bash" makes it add "-r" to the command-line args, I'm going to make a reasonable guess, that the "bash" executable looks at the name it was executed with, and if it's "rbash", it implicitly adds that argument. If that's actually the case, it would be useful to state this, to aid the understanding of this.

I also noticed that my Ubuntu 14.04 VM already had this link in place, but not my CentOS7.2 box.

Comments

  • rchenzheng
    rchenzheng Posts: 36
    edited January 2016
    Nevermind, now I get what you mean.

    I would also like to have this answered, how creating a symlink of /bin/bash named /bin/rbash will restrict the account?

Categories

Upcoming Training