How to trap !sh at keyboard

Chet Nichols III chet.nichols at gmail.com
Sat May 24 15:01:11 UTC 2008


Unless you have some modified version of shutdown, only root should be able
to run it anyway. So, for a user to type !sh and get the box to shutdown,
they'd have to be logged in as root or knowingly type "sudo !sh" if they
have sudo, in which case, they shouldn't have sudo or the root password.

However, if shutdown is for some reason executable by anyone, you could just
chmod go-x it and make sure it's owned by root (it should be), making it
executable only by root. At that point, any non-root or non-sudo user typing
!sh will just get "permission denied" when they try to run it.

You could also remove /sbin from everyone's PATH by taking it out of
/etc/profile.

Good luck!

Chet

On Fri, May 23, 2008 at 7:27 PM, Paul Dwerryhouse <paul at dwerryhouse.com.au>
wrote:

> On Fri, May 23, 2008 at 01:53:20PM -0400, Billy Davis wrote:
> > It seems that some of our users are inclined to key in '!sh' at the
> > shell prompt, which promptly shuts down our Red Hat Enterprise 3 Server,
> > interrupting everyone else's work.  Is there a line that we can add to
> > the inittab file, that will trap this string, in the same fashion that
> > the 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' line traps
> > Ctrl-Alt-Delete inputs?
>
> Dodgy answer: move /sbin/shutdown to a location that isn't in the path,
> so that typing just 'shutdown' from a command line without the full path
> to it will result in 'command not found'.
>
> Better answer: take root access away from users who aren't sensible
> enough to know how to use it properly. If they *have* to have root
> access for some reason (and I really can't think of any reason why they
> should have it), force them to use sudo with a restricted range of
> commands that they need.
>
> Cheers,
>
> Paul
>
> --
> Paul Dwerryhouse                                | PGP Key ID: 0x6B91B584
> ========================================================================
>
> http://linoleum.leapster.org/ - Linux Programming Resources
>



-- 
/*
Chet Nichols III
mail: chet.nichols at gmail.com
(aim: chet / twitter: chet)
*/
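
An added example, not part of either message: a POSIX shell check for the two suggestions in the reply above, that shutdown is owned by root with no group/other execute bits, and whether /sbin is still on a PATH. The function names are made up for this example, and it assumes GNU stat as found on Red Hat systems.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_root_only PATH [UID]
#   0 = owned by UID (default 0, root) and no group/other execute bit
#   1 = wrong owner and/or group/other can execute
#   2 = file missing or stat failed
check_root_only() {
    cro_path=$1
    cro_want=${2:-0}
    [ -e "$cro_path" ] || { echo "$cro_path: not found" >&2; return 2; }
    # GNU stat: %a = octal mode, %u = numeric owner; -L follows symlinks
    cro_info=$(stat -L -c '%a %u' "$cro_path") || return 2
    cro_mode=${cro_info%% *}
    cro_uid=${cro_info#* }
    cro_rc=0
    if [ "$cro_uid" != "$cro_want" ]; then
        echo "$cro_path: owner uid $cro_uid, expected $cro_want"
        cro_rc=1
    fi
    # Octal 011 masks the group-execute and other-execute bits.
    if [ $(( 0$cro_mode & 011 )) -ne 0 ]; then
        echo "$cro_path: mode $cro_mode lets group/other execute (chmod go-x)"
        cro_rc=1
    fi
    return $cro_rc
}

# path_has_dir DIR [PATHSTRING]
#   0 if DIR is an exact component of PATHSTRING (default: current $PATH)
path_has_dir() {
    case ":${2:-$PATH}:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Stand-alone run: report on this machine without failing the script.
check_root_only /sbin/shutdown || true
if path_has_dir /sbin; then
    echo "/sbin is on PATH for uid $(id -u)"
fi
```

Run it as the unprivileged user in question to see that user's PATH; the permission check gives the same answer for any caller.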


