lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
GNU General Public License v3.0
439
stars
111
forks
source link
How to run the script with the correct permissions #187
Command is not in the "allowed list". but it still can be executed if i added it into a script.
I am wondering if it is expected.
When I delete the "#! / Usr / bin / bash" shell script header.
work:~$ ./test.sh
hello
a b pp test.sh uploads
PID TTY TIME CMD
12686 pts/0 00:00:00 lshell
12803 pts/0 00:00:00 sh
12805 pts/0 00:00:00 ps
You should never allow bash otherwise you're making it too easy for a user to escape out of lshell. You should add the script to the user's path then allow it in the lshell configuration.
1.Unable to execute shell script,, I got an error:
work:~$ bash test.sh hello test.sh: line 3: /usr/bin/ls: Permission denied test.sh: line 4: /usr/bin/ps: Permission denied
work:~$ cat test.sh
!/usr/bin/bash
echo "hello" ls /home/work ps
[work] allowed : ['ls','ll','echo','ps','bash'] path : ['/var', '/usr'] - ['/usr/local'] home_path : '/home/work' aliases : {'ll':'ls -l'} forbidden : [';', '&', '|','`','>','<', '$(', '${']
2.Permission is out of control
Command is not in the "allowed list". but it still can be executed if i added it into a script. I am wondering if it is expected. When I delete the "#! / Usr / bin / bash" shell script header. work:~$ ./test.sh hello a b pp test.sh uploads PID TTY TIME CMD 12686 pts/0 00:00:00 lshell 12803 pts/0 00:00:00 sh 12805 pts/0 00:00:00 ps
[work] allowed : ['ls','ll','echo','bash','cat','./test.sh'] path : ['/var', '/usr'] - ['/usr/local'] home_path : '/home/work' aliases : {'ll':'ls -l'} forbidden : [';', '&', '|','`','>','<', '$(', '${']