Monitoring users cd'ing out of their ~ - Security

This is a discussion on Monitoring users cd'ing out of their ~ - Security ; I'm running a fairly strict hosting server and I'd like to be able to monitor when users cd out of their home dir and then write a perl daemon to automatically do something suitably punishing. I have snoopy ( http://freshmeat.net/projects/snoopy_logger/ ...

+ Reply to Thread
Results 1 to 16 of 16

Thread: Monitoring users cd'ing out of their ~

  1. Monitoring users cd'ing out of their ~

    I'm running a fairly strict hosting server and I'd like to be able to
    monitor when users cd out of their home dir and then write a perl
    daemon to automatically do something suitably punishing.

    I have snoopy (http://freshmeat.net/projects/snoopy_logger/)
    installed, but it doesn't seem to be logging `cd` commands.

    Any ideas? I'm sure I've seen this implemented fairly well before.

    Thanks

    A


  2. Re: Monitoring users cd'ing out of their ~

    Adam wrote:

    > I'm running a fairly strict hosting server


    (not yet you're not)

    > and I'd like to be able to
    > monitor when users cd out of their home dir and then write a perl
    > daemon to automatically do something suitably punishing.
    >


    Sounds a lot like hard work. Why not just give them chroot logins?

    C.


  3. Re: Monitoring users cd'ing out of their ~

    On Mar 5, 1:57 pm, "Adam" wrote:
    > I'm running a fairly strict hosting server and I'd like to be able to
    > monitor when users cd out of their home dir and then write a perl
    > daemon to automatically do something suitably punishing.
    >
    > I have snoopy (http://freshmeat.net/projects/snoopy_logger/)
    > installed, but it doesn't seem to be logging `cd` commands.
    >
    > Any ideas? I'm sure I've seen this implemented fairly well before.
    >
    > Thanks
    >
    > A


    You could implement GRSecurity into the kernel and monitor the log
    accordingly. It will track damn near everything if you let it. I often
    wonder if it is watching me when I am in the shower... linux kernel
    security gives me the creeps!!!


  4. Re: Monitoring users cd'ing out of their ~

    On Mon, 5 Mar 2007, Colin McKinnon wrote:

    > Adam wrote:
    >
    >> I'm running a fairly strict hosting server

    >
    > (not yet you're not)
    >
    >> and I'd like to be able to
    >> monitor when users cd out of their home dir and then write a perl
    >> daemon to automatically do something suitably punishing.
    >>

    >
    > Sounds a lot like hard work. Why not just give them chroot logins?
    >
    > C.


    That's what I would do. A chroot jail is the textbook way to allow others
    command line access securely.


    --Sir Jackery

  5. Re: Monitoring users cd'ing out of their ~

    But if you chroot the logins you will never
    get to suitably punnish the offender.

    How about rewriting the 'cd' command
    to check the home path against going outside, and log it.
    Then you get to punnish people now and then,

    Of course with the new virtual hardware cpu's, which home directory
    on which virtual machine are you checking?
    Robert

    On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:

    > On Mon, 5 Mar 2007, Colin McKinnon wrote:
    >
    >> Adam wrote:
    >>
    >>> I'm running a fairly strict hosting server

    >>
    >> (not yet you're not)
    >>
    >>> and I'd like to be able to
    >>> monitor when users cd out of their home dir and then write a perl
    >>> daemon to automatically do something suitably punishing.
    >>>

    >>
    >> Sounds a lot like hard work. Why not just give them chroot logins?
    >>
    >> C.

    >
    > That's what I would do. A chroot jail is the textbook way to allow others
    > command line access securely.
    >
    >
    > --Sir Jackery



  6. Re: Monitoring users cd'ing out of their ~

    robert writes:

    >But if you chroot the logins you will never
    >get to suitably punnish the offender.


    >How about rewriting the 'cd' command
    >to check the home path against going outside, and log it.
    >Then you get to punnish people now and then,


    cd is a builtin in most shells. You would have to rewrite the shells.

    >Of course with the new virtual hardware cpu's, which home directory
    >on which virtual machine are you checking?
    >Robert


    >On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:


    >> On Mon, 5 Mar 2007, Colin McKinnon wrote:
    >>
    >>> Adam wrote:
    >>>
    >>>> I'm running a fairly strict hosting server
    >>>
    >>> (not yet you're not)
    >>>
    >>>> and I'd like to be able to
    >>>> monitor when users cd out of their home dir and then write a perl
    >>>> daemon to automatically do something suitably punishing.
    >>>>
    >>>
    >>> Sounds a lot like hard work. Why not just give them chroot logins?
    >>>
    >>> C.

    >>
    >> That's what I would do. A chroot jail is the textbook way to allow others
    >> command line access securely.
    >>
    >>
    >> --Sir Jackery



  7. Re: Monitoring users cd'ing out of their ~

    On Wed, 7 Mar 2007, Unruh wrote:

    > robert writes:
    >
    >> But if you chroot the logins you will never
    >> get to suitably punnish the offender.

    >
    >> How about rewriting the 'cd' command
    >> to check the home path against going outside, and log it.
    >> Then you get to punnish people now and then,

    >
    > cd is a builtin in most shells. You would have to rewrite the shells.


    Thank god for open source!



    >
    >> Of course with the new virtual hardware cpu's, which home directory
    >> on which virtual machine are you checking?
    >> Robert

    >
    >> On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:

    >
    >>> On Mon, 5 Mar 2007, Colin McKinnon wrote:
    >>>
    >>>> Adam wrote:
    >>>>
    >>>>> I'm running a fairly strict hosting server
    >>>>
    >>>> (not yet you're not)
    >>>>
    >>>>> and I'd like to be able to
    >>>>> monitor when users cd out of their home dir and then write a perl
    >>>>> daemon to automatically do something suitably punishing.
    >>>>>
    >>>>
    >>>> Sounds a lot like hard work. Why not just give them chroot logins?
    >>>>
    >>>> C.
    >>>
    >>> That's what I would do. A chroot jail is the textbook way to allow others
    >>> command line access securely.
    >>>
    >>>
    >>> --Sir Jackery

    >
    >


  8. Re: Monitoring users cd'ing out of their ~

    On Wed, 7 Mar 2007, robert wrote:

    > But if you chroot the logins you will never
    > get to suitably punnish the offender.
    >
    > How about rewriting the 'cd' command
    > to check the home path against going outside, and log it.
    > Then you get to punnish people now and then,


    Excellent idea. I'm tempted to rewrite mine even though I'm the only user
    on this system (-:

    -SJ

    >
    > Of course with the new virtual hardware cpu's, which home directory
    > on which virtual machine are you checking?
    > Robert
    >
    > On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:
    >
    >> On Mon, 5 Mar 2007, Colin McKinnon wrote:
    >>
    >>> Adam wrote:
    >>>
    >>>> I'm running a fairly strict hosting server
    >>>
    >>> (not yet you're not)
    >>>
    >>>> and I'd like to be able to
    >>>> monitor when users cd out of their home dir and then write a perl
    >>>> daemon to automatically do something suitably punishing.
    >>>>
    >>>
    >>> Sounds a lot like hard work. Why not just give them chroot logins?
    >>>
    >>> C.

    >>
    >> That's what I would do. A chroot jail is the textbook way to allow others
    >> command line access securely.
    >>
    >>
    >> --Sir Jackery

    >
    >


  9. Re: Monitoring users cd'ing out of their ~

    Sir Jackery writes:

    >On Wed, 7 Mar 2007, Unruh wrote:


    >> robert writes:
    >>
    >>> But if you chroot the logins you will never
    >>> get to suitably punnish the offender.

    >>
    >>> How about rewriting the 'cd' command
    >>> to check the home path against going outside, and log it.
    >>> Then you get to punnish people now and then,

    >>
    >> cd is a builtin in most shells. You would have to rewrite the shells.


    >Thank god for open source!


    But of course that would not be enough since the user can just do
    /usr/bin/wgatever
    to run wgatever without using cd at all. Ie, cd would only be the first of
    your worries.

    You eitehr need to set up a chroot jail ( in which case you have to make
    sure that ALL opf the libraries, /etc filed, programs, etc are in that
    jail) or trust your users.




    >>
    >>> Of course with the new virtual hardware cpu's, which home directory
    >>> on which virtual machine are you checking?
    >>> Robert

    >>
    >>> On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:

    >>
    >>>> On Mon, 5 Mar 2007, Colin McKinnon wrote:
    >>>>
    >>>>> Adam wrote:
    >>>>>
    >>>>>> I'm running a fairly strict hosting server
    >>>>>
    >>>>> (not yet you're not)
    >>>>>
    >>>>>> and I'd like to be able to
    >>>>>> monitor when users cd out of their home dir and then write a perl
    >>>>>> daemon to automatically do something suitably punishing.
    >>>>>>
    >>>>>
    >>>>> Sounds a lot like hard work. Why not just give them chroot logins?
    >>>>>
    >>>>> C.
    >>>>
    >>>> That's what I would do. A chroot jail is the textbook way to allow others
    >>>> command line access securely.
    >>>>
    >>>>
    >>>> --Sir Jackery

    >>
    >>


  10. Re: Monitoring users cd'ing out of their ~

    On Wed, 7 Mar 2007, Unruh wrote:

    > Sir Jackery writes:
    >
    >> On Wed, 7 Mar 2007, Unruh wrote:

    >
    >>> robert writes:
    >>>
    >>>> But if you chroot the logins you will never
    >>>> get to suitably punnish the offender.
    >>>
    >>>> How about rewriting the 'cd' command
    >>>> to check the home path against going outside, and log it.
    >>>> Then you get to punnish people now and then,
    >>>
    >>> cd is a builtin in most shells. You would have to rewrite the shells.

    >
    >> Thank god for open source!

    >
    > But of course that would not be enough since the user can just do
    > /usr/bin/wgatever
    > to run wgatever without using cd at all. Ie, cd would only be the first of
    > your worries.
    >
    > You eitehr need to set up a chroot jail ( in which case you have to make
    > sure that ALL opf the libraries, /etc filed, programs, etc are in that
    > jail) or trust your users.
    >


    Right, but the OP only wants to know when a user uses the command cd.
    Besides, it's a trap! The user doesn't know not to use cd, and when he
    does, POW, he is criticized by a script (-:. Obviously a hole covered
    with leaves in the wilderness doesn't work if you walk around it, but if
    you don't know it's there then you'll end up as one of Stewie's lost
    children.


    >>>
    >>>> Of course with the new virtual hardware cpu's, which home directory
    >>>> on which virtual machine are you checking?
    >>>> Robert
    >>>
    >>>> On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:
    >>>
    >>>>> On Mon, 5 Mar 2007, Colin McKinnon wrote:
    >>>>>
    >>>>>> Adam wrote:
    >>>>>>
    >>>>>>> I'm running a fairly strict hosting server
    >>>>>>
    >>>>>> (not yet you're not)
    >>>>>>
    >>>>>>> and I'd like to be able to
    >>>>>>> monitor when users cd out of their home dir and then write a perl
    >>>>>>> daemon to automatically do something suitably punishing.
    >>>>>>>
    >>>>>>
    >>>>>> Sounds a lot like hard work. Why not just give them chroot logins?
    >>>>>>
    >>>>>> C.
    >>>>>
    >>>>> That's what I would do. A chroot jail is the textbook way to allow others
    >>>>> command line access securely.
    >>>>>
    >>>>>
    >>>>> --Sir Jackery
    >>>
    >>>

    >


  11. Re: Monitoring users cd'ing out of their ~

    In comp.os.linux.security Unruh :
    > Sir Jackery writes:


    >>On Wed, 7 Mar 2007, Unruh wrote:


    >>> robert writes:


    >>>> But if you chroot the logins you will never
    >>>> get to suitably punnish the offender.


    >>>> How about rewriting the 'cd' command
    >>>> to check the home path against going outside, and log it.
    >>>> Then you get to punnish people now and then,


    >>> cd is a builtin in most shells. You would have to rewrite the shells.


    >>Thank god for open source!


    > But of course that would not be enough since the user can just do
    > /usr/bin/wgatever
    > to run wgatever without using cd at all. Ie, cd would only be the first of
    > your worries.


    > You eitehr need to set up a chroot jail ( in which case you have to make
    > sure that ALL opf the libraries, /etc filed, programs, etc are in that
    > jail) or trust your users.


    The OP might like to look into process accounting, dunno if it
    logs such things, but it might be worth a look. Iirc had it only
    running on a single box shortly it filled up /var in not time.;(

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 406: Bad cafeteria food landed all the sysadmins
    in the hospital.

  12. Re: Monitoring users cd'ing out of their ~

    On Mar 7, 5:43 pm, Sir Jackery wrote:
    > On Wed, 7 Mar 2007, Unruh wrote:
    > > Sir Jackery writes:

    >
    > >> On Wed, 7 Mar 2007, Unruh wrote:

    >
    > >>> robert writes:

    >
    > >>>> But if you chroot the logins you will never
    > >>>> get to suitably punnish the offender.

    >
    > >>>> How about rewriting the 'cd' command
    > >>>> to check the home path against going outside, and log it.
    > >>>> Then you get to punnish people now and then,

    >
    > >>> cd is a builtin in most shells. You would have to rewrite the shells.

    >
    > >> Thank god for open source!

    >
    > > But of course that would not be enough since the user can just do
    > > /usr/bin/wgatever
    > > to run wgatever without using cd at all. Ie, cd would only be the first of
    > > your worries.

    >
    > > You eitehr need to set up a chroot jail ( in which case you have to make
    > > sure that ALL opf the libraries, /etc filed, programs, etc are in that
    > > jail) or trust your users.

    >
    > Right, but the OP only wants to know when a user uses the command cd.
    > Besides, it's a trap! The user doesn't know not to use cd, and when he
    > does, POW, he is criticized by a script (-:. Obviously a hole covered
    > with leaves in the wilderness doesn't work if you walk around it, but if
    > you don't know it's there then you'll end up as one of Stewie's lost
    > children.
    >
    >
    >
    > >>>> Of course with the new virtual hardware cpu's, which home directory
    > >>>> on which virtual machine are you checking?
    > >>>> Robert

    >
    > >>>> On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:

    >
    > >>>>> On Mon, 5 Mar 2007, Colin McKinnon wrote:

    >
    > >>>>>> Adam wrote:

    >
    > >>>>>>> I'm running a fairly strict hosting server

    >
    > >>>>>> (not yet you're not)

    >
    > >>>>>>> and I'd like to be able to
    > >>>>>>> monitor when users cd out of their home dir and then write a perl
    > >>>>>>> daemon to automatically do something suitably punishing.

    >
    > >>>>>> Sounds a lot like hard work. Why not just give them chroot logins?

    >
    > >>>>>> C.

    >
    > >>>>> That's what I would do. A chroot jail is the textbook way to allow others
    > >>>>> command line access securely.

    >
    > >>>>> --Sir Jackery


    Here's a dumb idea to be picked apart:
    in ~/.bashrc :
    ##somewhere near the end....
    alias cd='/path/to/my/replacement/cd'

    the aliased 'cd' could be a binary or script,
    which does the 'punishing'.

    Seems like like it would just be easier to
    use the chroot suggestins, though.

    HTH,
    Tarkin


  13. Re: Monitoring users cd'ing out of their ~

    On Tue, 13 Mar 2007, Tarkin wrote:

    > On Mar 7, 5:43 pm, Sir Jackery wrote:
    >> On Wed, 7 Mar 2007, Unruh wrote:
    >>> Sir Jackery writes:

    >>
    >>>> On Wed, 7 Mar 2007, Unruh wrote:

    >>
    >>>>> robert writes:

    >>
    >>>>>> But if you chroot the logins you will never
    >>>>>> get to suitably punnish the offender.

    >>
    >>>>>> How about rewriting the 'cd' command
    >>>>>> to check the home path against going outside, and log it.
    >>>>>> Then you get to punnish people now and then,

    >>
    >>>>> cd is a builtin in most shells. You would have to rewrite the shells.

    >>
    >>>> Thank god for open source!

    >>
    >>> But of course that would not be enough since the user can just do
    >>> /usr/bin/wgatever
    >>> to run wgatever without using cd at all. Ie, cd would only be the first of
    >>> your worries.

    >>
    >>> You eitehr need to set up a chroot jail ( in which case you have to make
    >>> sure that ALL opf the libraries, /etc filed, programs, etc are in that
    >>> jail) or trust your users.

    >>
    >> Right, but the OP only wants to know when a user uses the command cd.
    >> Besides, it's a trap! The user doesn't know not to use cd, and when he
    >> does, POW, he is criticized by a script (-:. Obviously a hole covered
    >> with leaves in the wilderness doesn't work if you walk around it, but if
    >> you don't know it's there then you'll end up as one of Stewie's lost
    >> children.
    >>
    >>
    >>
    >>>>>> Of course with the new virtual hardware cpu's, which home directory
    >>>>>> on which virtual machine are you checking?
    >>>>>> Robert

    >>
    >>>>>> On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:

    >>
    >>>>>>> On Mon, 5 Mar 2007, Colin McKinnon wrote:

    >>
    >>>>>>>> Adam wrote:

    >>
    >>>>>>>>> I'm running a fairly strict hosting server

    >>
    >>>>>>>> (not yet you're not)

    >>
    >>>>>>>>> and I'd like to be able to
    >>>>>>>>> monitor when users cd out of their home dir and then write a perl
    >>>>>>>>> daemon to automatically do something suitably punishing.

    >>
    >>>>>>>> Sounds a lot like hard work. Why not just give them chroot logins?

    >>
    >>>>>>>> C.

    >>
    >>>>>>> That's what I would do. A chroot jail is the textbook way to allow others
    >>>>>>> command line access securely.

    >>
    >>>>>>> --Sir Jackery

    >
    > Here's a dumb idea to be picked apart:
    > in ~/.bashrc :
    > ##somewhere near the end....
    > alias cd='/path/to/my/replacement/cd'
    >
    > the aliased 'cd' could be a binary or script,
    > which does the 'punishing'.


    Sounds like a good idea to me.

    >
    > Seems like like it would just be easier to
    > use the chroot suggestins, though.


    Not as secure though. The user could easily change it. But would they know
    or think to do so? Probably not. If I were a malicious person, I wouldn't
    routinely check aliases before doing something malicious.

    --Sir Jackery

  14. Re: Monitoring users cd'ing out of their ~

    On Mar 14, 2:14 am, "Tarkin" wrote:
    > On Mar 7, 5:43 pm, Sir Jackery wrote:
    >
    >
    >
    > > On Wed, 7 Mar 2007, Unruh wrote:
    > > > Sir Jackery writes:

    >
    > > >> On Wed, 7 Mar 2007, Unruh wrote:

    >
    > > >>> robert writes:

    >
    > > >>>> But if you chroot the logins you will never
    > > >>>> get to suitably punnish the offender.

    >
    > > >>>> How about rewriting the 'cd' command
    > > >>>> to check the home path against going outside, and log it.
    > > >>>> Then you get to punnish people now and then,

    >
    > > >>> cd is a builtin in most shells. You would have to rewrite the shells.

    >
    > > >> Thank god for open source!

    >
    > > > But of course that would not be enough since the user can just do
    > > > /usr/bin/wgatever
    > > > to run wgatever without using cd at all. Ie, cd would only be the first of
    > > > your worries.

    >
    > > > You eitehr need to set up a chroot jail ( in which case you have to make
    > > > sure that ALL opf the libraries, /etc filed, programs, etc are in that
    > > > jail) or trust your users.

    >
    > > Right, but the OP only wants to know when a user uses the command cd.
    > > Besides, it's a trap! The user doesn't know not to use cd, and when he
    > > does, POW, he is criticized by a script (-:. Obviously a hole covered
    > > with leaves in the wilderness doesn't work if you walk around it, but if
    > > you don't know it's there then you'll end up as one of Stewie's lost
    > > children.

    >
    > > >>>> Of course with the new virtual hardware cpu's, which home directory
    > > >>>> on which virtual machine are you checking?
    > > >>>> Robert

    >
    > > >>>> On Tue, 06 Mar 2007 11:46:36 -0800, Sir Jackery wrote:

    >
    > > >>>>> On Mon, 5 Mar 2007, Colin McKinnon wrote:

    >
    > > >>>>>> Adam wrote:

    >
    > > >>>>>>> I'm running a fairly strict hosting server

    >
    > > >>>>>> (not yet you're not)

    >
    > > >>>>>>> and I'd like to be able to
    > > >>>>>>> monitor when users cd out of their home dir and then write a perl
    > > >>>>>>> daemon to automatically do something suitably punishing.

    >
    > > >>>>>> Sounds a lot like hard work. Why not just give them chroot logins?

    >
    > > >>>>>> C.

    >
    > > >>>>> That's what I would do. A chroot jail is the textbook way to allow others
    > > >>>>> command line access securely.

    >
    > > >>>>> --Sir Jackery

    >
    > Here's a dumb idea to be picked apart:
    > in ~/.bashrc :
    > ##somewhere near the end....
    > alias cd='/path/to/my/replacement/cd'
    >
    > the aliased 'cd' could be a binary or script,
    > which does the 'punishing'.


    Unfortunately, 'cd' /must/ be a builtin component of the shell in
    order to work.

    While an external binary or script /could/ chdir itself, that will
    only last until the end of the process that actually performs the
    chdir. In other words, your alias will cause '/path/to/my/replacement/
    cd' to execute, and once it has executed, no matter what it did, the
    user will still be in the original directory.




  15. Re: Monitoring users cd'ing out of their ~

    On Mar 14, 1:03 pm, "Lew Pitcher" wrote:
    > On Mar 14, 2:14 am, "Tarkin" wrote:

    [snip]
    > > Here's a dumb idea to be picked apart:
    > > in ~/.bashrc :
    > > ##somewhere near the end....
    > > alias cd='/path/to/my/replacement/cd'

    >
    > > the aliased 'cd' could be a binary or script,
    > > which does the 'punishing'.

    >
    > Unfortunately, 'cd' /must/ be a builtin component of the shell in
    > order to work.
    >
    > While an external binary or script /could/ chdir itself, that will
    > only last until the end of the process that actually performs the
    > chdir. In other words, your alias will cause '/path/to/my/replacement/
    > cd' to execute, and once it has executed, no matter what it did, the
    > user will still be in the original directory.


    Witness:
    lpitcher@merlin:~$ alias | grep cd
    alias cd='/home/lpitcher/bin/mycd'

    lpitcher@merlin:~$ ls -l /home/lpitcher/bin/mycd
    -rwxr-xr-x 1 lpitcher users 40 2007-03-14 13:10 /home/lpitcher/bin/
    mycd*

    lpitcher@merlin:~$ cat /home/lpitcher/bin/mycd
    #!/bin/bash
    echo Invoked $0
    cd /tmp
    pwd

    lpitcher@merlin:~$ pwd
    /home/lpitcher

    lpitcher@merlin:~$ cd /usr/local/src
    Invoked /home/lpitcher/bin/mycd
    /tmp

    lpitcher@merlin:~$ pwd
    /home/lpitcher

    lpitcher@merlin:~$


  16. Re: Monitoring users cd'ing out of their ~

    On Mar 5, 3:57 pm, "Adam" wrote:
    > I'm running a fairly strict hosting server and I'd like to be able to
    > monitor when users cd out of their home dir and then write a perl
    > daemon to automatically do something suitably punishing.


    Why?

    Why not just give them a restricted shell, so that they can't cd out
    of their home directory?
    See the bash(1) ("man 1 bash") section called "RESTRICTED SHELL"


    RESTRICTED SHELL
    If bash is started with the name rbash, or the -r option is
    supplied at
    invocation, the shell becomes restricted. A restricted shell
    is used
    to set up an environment more controlled than the standard
    shell. It
    behaves identically to bash with the exception that the
    following are
    disallowed or not performed:

    changing directories with cd

    setting or unsetting the values of SHELL, PATH, ENV, or
    BASH_ENV

    specifying command names containing /

    specifying a file name containing a / as an argument
    to the .
    builtin command

    Specifying a filename containing a slash as an
    argument to the
    -p option to the hash builtin command

    importing function definitions from the shell
    environment at
    startup

    parsing the value of SHELLOPTS from the shell
    environment at
    startup

    redirecting output using the >, >|, <>, >&, &>, and >>
    redirect-
    ion operators

    using the exec builtin command to replace the shell with
    another
    command

    adding or deleting builtin commands with the -f and -d
    options
    to the enable builtin command

    Using the enable builtin command to enable
    disabled shell
    builtins

    specifying the -p option to the command builtin command

    turning off restricted mode with set +r or set +o
    restricted.

    These restrictions are enforced after any startup files are
    read.

    When a command that is found to be a shell script is executed
    (see COM-
    MAND EXECUTION above), rbash turns off any restrictions in
    the shell
    spawned to execute the script.


+ Reply to Thread