From: Paveza, Gary (gary.paveza@AIG.COM)
Date: Thu Aug 12 2004 - 21:18:13 EDT
I'm setting up secure shell and noticed a somewhat weird behavior.
I have a user ID called report, which is setup with restricted shell
(/usr/bin/rsh), and a PATH to only /usr/rbin. /usr/rbin contains only links
to ssh, scp, and sftp.
If I try to su and execute the command as one command I get an error
indicating that the operation is not allowed in restricted shell. However,
if I su - report, then execute the same exact command, it's allowed. Has
anyone seen this behavior?
I'm running Secure Shell A.03.81.002 supplied by HP.
Script started on Thu Aug 12 15:18:27 2004
#
# whoami
root
#
# su - report -c "/usr/rbin/scp eta:sysinfo_* /home/report"
<login banner removed to save space>
rsh: /usr/rbin/scp: The operation is not allowed in a restricted shell.
#
# su - report
$ pwd
/home/report
$
$ scp eta:sysinfo_* /home/report
<login banner removed to save space>
sysinfo_eta_20040811.html 0% 0 0.0KB/s --:--
ETA
sysinfo_eta_20040811.html 100% 195KB 194.6KB/s 00:00
sysinfo_eta_20040811.index.html 0% 0 0.0KB/s --:--
ETA
sysinfo_eta_20040811.index.html 100% 1713 1.7KB/s 00:00
sysinfo_eta_20040811.main.html 0% 0 0.0KB/s --:--
ETA
sysinfo_eta_20040811.main.html 100% 193KB 192.8KB/s 00:00
$ echo $PATH
/usr/rbin
$ exit
--------------------------------------------------------
Gary Paveza, Jr.
Senior Systems Administrator -CSA
(302) 252-4831 - phone
(302) 588-6368 - cell
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:42 EDT