ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
GNU General Public License v3.0

I can not run .sh file #144

Closed Hodor228 closed 8 years ago

Hodor228 commented 8 years ago

How to make it work? I have file test.sh in /home/melenn and when I try to run the script - I get an error:

melenn:~$ sh test.sh
test.sh: line 2: /usr/bin/touch: Permission denied

File test.sh:

#!/bin/sh
touch noob

My user settings:

[melenn]
allowed: ['ls','echo','cd','ll','cp','mv','unzip','zip','rm','sh','bash','touch']
strict: 0
warning_counter: 2
timer: 5
path: ['/home/melenn']
home_path: '/home/melenn'
allowed_cmd_path: ['/home/melenn']
scp: 1
sftp: 0
overssh: ['ls','echo','cd','ll','cp','mv','unzip','zip','rm','sh','bash','touch']

Hodor228 commented 8 years ago

Solved by allowed_shell_escape: ['bash','sh']

ghantoos commented 8 years ago

By allowing 'bash' you are basically allowing your user to get out of the restricted shell.

You should execute your script by calling it directly './myscript.sh'.

Hodor228 commented 8 years ago

I can't! See:

synergy:~$ cd server1
synergy:~/server1$ ./shutdown.sh
*** forbidden command: ./shutdown.sh
synergy:~/server1$ ./shutdown.sh
*** forbidden command: ./shutdown.sh
synergy:~/server1$ ./shutdown.sh
*** forbidden command: ./shutdown.sh
synergy:~/server1$ ./shutdown.sh
*** forbidden command: ./shutdown.sh
synergy:~/server1$ ./shutdown.sh
*** forbidden command: ./shutdown.sh
synergy:~/server1$ ./shutdown.sh
*** forbidden command: ./shutdown.sh
synergy:~/server1$

My settings:

#lshell.py configuration file
#
#$Id: lshell.conf,v 1.27 2010-10-18 19:05:17 ghantoos Exp $

[global]
#log directory (default /var/log/lshell/ )
logpath         : /var/log/lshell/
#set log level to 0, 1, 2, 3 or 4  (0: no logs, 1: least verbose,
#4: log all commands)
loglevel        : 2
#configure log file name (default is %u i.e. username.log)
#logfilename     : %y%m%d-%u
#logfilename     : syslog

#in case you are using syslog, you can choose your logname
#syslogname      : myapp

#Set path to sudo noexec library. This path is usually autodetected, only
#set this variable to use alternate path. If set and the shared object is
#not found, lshell will exit immediately. Otherwise, please check your logs
#to verify that a standard path is detected.
#path_noexec     : /usr/libexec/sudo_noexec.so

#include a directory containing multiple configuration files. These files
#can only contain default/user/group configuration. The global configuration will
#only be loaded from the default configuration file.
#e.g. splitting users into separate files
#include_dir     : /etc/lshell.d/*.conf

[default]
#a list of the allowed commands without execution privileges or 'all' to
#allow all commands in user's PATH
#
#if  sudo(8) is installed and sudo_noexec.so is available, it will be loaded
#before running every command, preventing it from  running  further  commands
#itself. If not available, beware of commands like vim/find/more/etc. that
#will allow users to execute code (e.g. /bin/sh) from within the application,
#thus easily escaping lshell. See variable 'path_noexec' to use an alternative
#path to library.
allowed         : ['ls', 'echo','ll']

#A list of the allowed commands that are permitted to execute other
#programs (e.g. shell scripts with exec(3)). Setting this variable to 'all'
#is NOT allowed. Warning do not put here any command that can execute
#arbitrary commands (e.g. find, vim, xargs)
#
#Important: commands defined in 'allowed_shell_escape' override their
#definition in the 'allowed' variable
#allowed_shell_escape        : ['man','zcat']

#a list of forbidden character or commands
forbidden       : [';', '&', '|','`','>','<', '$(', '${']

#a list of allowed command to use with sudo(8)
#if set to 'all', all the 'allowed' commands will be accessible through sudo(8)
#sudo_commands   : ['ls', 'more']

#number of warnings when user enters a forbidden value before getting 
#exited from lshell, set to -1 to disable.
warning_counter : 2

#command aliases list (similar to bash’s alias directive)
aliases         : {'ll':'ls -l'}

#introduction text to print (when entering lshell)
#intro           : "== My personal intro ==\nWelcome to lshell\nType '?' or 'help' to get the list of allowed commands"

#configure your prompt using %u or %h (default: username)
#prompt          : "%u@%h"

#set short prompt current directory update (default: 0)
#prompt_short    : 0

#a value in seconds for the session timer
#timer           : 5

#list of paths to restrict the user "geographically"
#warning: many commands like vi and less allow to break this restriction
#path            : ['/home/bla/','/etc']

#set the home folder of your user. If not specified the home_path is set to 
#the $HOME environment variable
#home_path       : '/home/bla/'

#update the environment variable $PATH of the user
#env_path        : ':/usr/local/bin:/usr/sbin'

#a list of path; all executable files inside these path will be allowed 
#allowed_cmd_path: ['/home/bla/bin','/home/bla/stuff/libexec']

#add environment variables
#env_vars        : {'foo':1, 'bar':'helloworld'}

#allow or forbid the use of scp (set to 1 or 0)
#scp             : 1

#forbid scp upload
#scp_upload       : 0

#forbid scp download
#scp_download     : 0

#allow or forbid the use of sftp (set to 1 or 0)
#this option will not work if you are using OpenSSH's internal-sftp service
#sftp            : 1

#list of command allowed to execute over ssh (e.g. rsync, rdiff-backup, etc.)
#overssh         : ['ls', 'rsync']

#logging strictness. If set to 1, any unknown command is considered as 
#forbidden, and user's warning counter is decreased. If set to 0, command is
#considered as unknown, and user is only warned (i.e. *** unknown synthax)
strict          : 0

#force files sent through scp to a specific directory
#scpforce        : '/home/bla/uploads/'

#Enable support for WinSCP with scp mode (NOT sftp)
#When enabled, the following parameters will be overridden:
#scp_upload: 1 (uses scp(1) from within session)
#scp_download: 1 (uses scp(1) from within session)
#scpforce - Ignore (uses scp(1) from within session)
#forbidden: -[';']
#allowed: +['scp', 'env', 'pwd', 'groups', 'unset', 'unalias']
#winscp: 0

#history file maximum size 
#history_size     : 100

#set history file name (default is /home/%u/.lhistory)
#history_file     : "/home/%u/.lshell_history"

#define the script to run at user login
#login_script     : "/path/to/myscript.sh"

[synergy]
allowed: ['ls','echo','cd','ll','cp','mv','unzip','zip','rm','sh','chmod','cat','./']
allowed_shell_escape: ['sh','rm','cat','./']
strict: 0
warning_counter: 2
#timer: 5
path: ['/home/synergy']
home_path: '/home/synergy'
allowed_cmd_path: ['/home/synergy']
scp: 1
sftp: 0
overssh: ['ls','echo','cd','ll','cp','mv','unzip','zip','rm','sh','chmod','cat','./']

And when I run script by command "sh script_name.sh" and then get out of the PuTTy - the script stops working, how to fix it all?

ghantoos commented 8 years ago

Have you tried adding './shutdown.sh' to the allowed list?

ghantoos commented 8 years ago

Nothing can be executed unless it has been allowed by the administrator.

Hodor228 commented 8 years ago

when I run script by command "sh script_name.sh" and then get out of the PuTTy - the script stops working, how to fix it?

"Have you tried adding './shutdown.sh' to the allowed list?" - nope. "By allowing 'bash' you are basically allowing your user to get out of the restricted shell." sh like bash?

UPD: "Have you tried adding './shutdown.sh' to the allowed list?" - it starts to work, but TAB does not work... ./shut TAB - does not fill in the command itself :( Can you fix it and make ./ work normally?

ghantoos commented 8 years ago

On Jun 27, 2016 10:56 PM, "Hodor228" notifications@github.com wrote:

> when I run script by command "sh script_name.sh" and then get out of the PuTTy - the script stops working, how to fix it?

I am not sure what your script does. There is an open bug about this, but I am not sure if this is the same scenario.

> "Have you tried adding './shutdown.sh' to the allowed list?" - nope.

You should. It would fix your execution permission issue.

> "By allowing 'bash' you are basically allowing your user to get out of the restricted shell." sh like bash?

Yes, of course, same.

Hodor228 commented 8 years ago

It starts to work, but TAB does not work... ./shut TAB - does not fill in the command itself :( Can you fix it and make ./ work normally?

ghantoos commented 8 years ago

This is a bug that needs to be addressed. I will add this to the todo list. Thanks for reporting it!
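A configuration check for the advice given in this thread, as an added example that is not part of the original posts or of lshell itself: it parses lshell.conf-style sections and flags shells or command launchers listed in allowed_shell_escape, and shells listed elsewhere. The name lists, the [fixed] section and the escape/review labels are assumptions of this example.

```python
import ast
import configparser
import posixpath

# Assumed name lists for this example: find/vim/xargs are the commands the
# lshell.conf comments warn about; the shell names are illustrative.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
LAUNCHERS = {"find", "vim", "xargs"}

# Constructed sample: [synergy] as posted in the thread, [fixed] as advised
# by the maintainer (script listed directly, no shell in the lists).
SAMPLE_CONF = """\
[synergy]
allowed: ['ls','echo','cd','ll','cp','mv','unzip','zip','rm','sh','chmod','cat','./']
allowed_shell_escape: ['sh','rm','cat','./']
overssh: ['ls','echo','cd','ll','cp','mv','unzip','zip','rm','sh','chmod','cat','./']

[fixed]
allowed: ['ls','echo','cd','ll','./shutdown.sh']
"""

def commands(parser, section, key):
    """Return the command list stored under key (empty list if unset)."""
    raw = parser.get(section, key, fallback="[]").strip()
    value = ast.literal_eval(raw.lstrip("+-").strip())  # values are Python literals
    return [value] if isinstance(value, str) else list(value)

def audit(conf_text):
    """Return (section, key, command, level) for every risky entry."""
    parser = configparser.ConfigParser(interpolation=None)  # keep '%u' literal
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if section == "global":
            continue
        for key in ("allowed", "allowed_shell_escape", "overssh"):
            for cmd in commands(parser, section, key):
                name = posixpath.basename(cmd.split()[0]) if cmd.strip() else cmd
                if key == "allowed_shell_escape" and name in SHELLS | LAUNCHERS:
                    # may run other programs: the user can leave lshell
                    findings.append((section, key, cmd, "escape"))
                elif name in SHELLS:
                    # a shell in the list: check that sudo_noexec.so is loaded
                    findings.append((section, key, cmd, "review"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("%-8s %-22s %-6r %s" % finding)
```
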