0

I have a few dozen Solaris(5.10) boxes. By default, they are using ksh as the shell. Only a few users have sudo privileges. The rest do not. I don't want my regular users changing to another shell.

Here is what I've done:

Minimal sudoers so /etc/passwd is out of the question for them. Minimal sudoers so usermod -s is out of the question for them.

I have NOT disabled access to the shells in /bin or /usr/bin yet, but it will be done - so please disregard the fact that it hasn't been done yet. So, in theory they could write startup scripts to execute them, right? Am I missing anything else?

Publiccert
  • 1,112
  • 1
  • 8
  • 22
  • 1
    You are missing to explain what is wrong with allowing users to use the shell they prefer/know better. – jlliagre Jan 31 '12 at 14:39
  • Not knowing WHY hardly seems to impact what the issue is. Can you explain how its relevant? I may not want my users being able to use root whenever they want. Wanting to know how to prevent root access seems independent of why I don't want them having it. – Publiccert Jan 31 '12 at 15:07
  • @Publiccert: Knowing why does help because there may be better ways to achieve what you want to do which is not entirely clear. Nothing in your question says anything about preventing root access either. – user9517 Jan 31 '12 at 15:21

1 Answers1

0

If your users are able to execute another shell then there is nothing you can do to stop them running a new shell from the command line or a startup script.

ksh$ bash
bash-3$  csh
csh% zsh
zsh%

etc.

user9517
  • 115,471
  • 20
  • 215
  • 297