Re: rsh shell



On Jan 12, 5:16 am, RedGrittyBrick <RedGrittyBr...@xxxxxxxxxxxxxxxxx>
wrote:
> Nico Kadel-Garcia wrote:
> > On Jan 10, 3:20 pm, Jean-Pierre Radley <j...@xxxxxxx> wrote:
> > > andy...@xxxxxxxxxxxx typed (on Sat, Jan 10, 2009 at 12:02:01PM -0800):
> > > | I have a user account that I've assigned the rsh shell to lock them
> > > | into their home directory, but they also need to download files. How
> > > | can I set up this access?
> > >
> > > See if TA 109467 doesn't give you a solution.
> >
> > You don't, with rsh. Seriously. Update to a contemporary version of
> > SSH with the chroot sftp options, or switch to an Apache with WebDAV
> > capability running over HTTPS. Trying to wrap chroot cages around rsh
> > environments to provide upload or download only, reliably and
> > securely, is like keeping a pudding in a paper bag. You might contain
> > it for a while, just because the pudding takes a few moments to soak
> > through the bag, but rsh and its related rcp utilities are far too
> > flexible to attempt to cage them in such a simple fashion. The
> > password handling problems of rsh alone justify researching a superior
> > solution.
>
> Has there been a misunderstanding?
>
> On OpenServer, rsh is *not* the Berkeley remote shell, it is the
> restricted shell (like `ksh -r` or `bash -r`). These are rather
> different things. Defining a user's login shell (in /etc/passwd) as a
> restricted shell is different from using a remote shell service.

Apparently yes. I assumed you meant the 'rsh protocol', which is what
the OpenServer rcmd command actually uses, not the rsh command itself.
I just spent my last year in an SCO OpenServer environment where
everyone used the word that way.

But much of my point stands, even with rcmd. Restricting the shell
itself, in an environment where file transfer is the desire, is fairly
pointless, because of the lack of an effective chroot cage to restrict
access to an appropriate part of the server's file system. Such
restriction can be done by various, vastly more effective and secure
means.