On Thu, 2009-05-21 at 13:18 -0700, Todd A. Jacobs wrote: > On Thu, May 21, 2009 at 01:53:08AM +0700, Sthu Deus wrote: > > > I have noticed that for some users in /etc/passwd the shell > > environment is set as bash and for some as sh. This has led me to the > > following questions: > > . Why is it so, meaning what is the meaning of it? > > System accounts and system scripts have traditionally used the Bourne > shell for compatibility. So, it's either for legacy compatibility, or > because the Debian policy requires it. > > > . Do I give more insecure environment to a user setting for him sh > > instead of bash? > > Neither shell is really "secure."
FUD[1] ? Shells are intended to let user run arbitrary commands. If one wants to control what program are executed, solutions like SELinux are the correct way to control it. (It's sensible to access ~/.gnupg/secring.gpg from a mail user agent, but certainly not using wget) Want a root account ? see http://www.coker.com.au/selinux/ and have [no] fun ;) > Even rbash isn't really secure, although it's certainly better than > the default...if you can get it to work with your scripts. rbash doesn't help at all. Escaping rbash is as trivial as running : perl -e 'exec("bash")'; Or starting vim, then type: [esc]:set shell=/bin/bash [esc]:shell Regards, Franklin [1] http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
