Re: Restricted Bash - Not so restrictive (in 4.2 as well)

[Pierre Gaston]

On Thu, Jan 12, 2012 at 12:26 PM, Sarnath K - ERS, HCLTech
<k_sarnath@hcl.com> wrote:
> Hello Jonathan,
>
> Thanks for your inputs. I was able to created a super-restricted login.
> Here are a few things that I learnt during this process:
>
> 1. "vim" has a restricted mode called "rvim (or) vim -Z". This way, I can 
> restrict the user from running shell commands from vim and peep into the 
> Filesystem
>    a) CAVEAT: "vim" allows the user to "read" and "write" files in the 
> file-system provided the user _knows_ the path (or guesses some file path)

>    b) So, to make it foolproof, I had to go with "nano" editor
>        - which supports a restricted mode that does not allow the user to 
> edit any other file than the one specified in the command line

Can't you read a file with: echo "$(< pathtofile)"?
I never really tried, but I'd probably look into things like chroot
(or even a vm) to provide something really restricted.