{"id":474,"date":"2017-12-13T14:59:34","date_gmt":"2017-12-13T06:59:34","guid":{"rendered":"https:\/\/blog.haostudio.net\/hwp\/?p=474"},"modified":"2017-12-13T15:14:59","modified_gmt":"2017-12-13T07:14:59","slug":"restricted-shell-%e7%9a%84%e4%bd%bf%e7%94%a8%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/blog.haostudio.net\/hwp\/restricted-shell-%e7%9a%84%e4%bd%bf%e7%94%a8%e6%96%b9%e6%b3%95\/","title":{"rendered":"How to Use the Restricted Shell"},"content":{"rendered":"<!--more-->\n<p>A while ago I had a requirement: users logging in to Linux should be limited to the commands we intend them to use, with every other command disallowed.\nAfter some searching online, I found that there is such a thing as a\n<strong>Restricted shell<\/strong>.<\/p>\n<p>There are many ways to enter a\n<strong>Restricted shell<\/strong>:<\/p>\n<pre><code>bash -r\nbash --restricted\nrbash\nsh -r\nrsh\nksh -r\nrksh\n<\/code><\/pre>\n<p>All of these enter\n<strong>Restricted mode<\/strong>.\nIn this mode, the user is not allowed to do the following:<\/p>\n<ul>\n<li>changing directory<\/li>\n<li>specifying absolute pathnames or names containing a slash<\/li>\n<li>setting the PATH or SHELL variable<\/li>\n<li>redirection of output<\/li>\n<\/ul>\n<p>At first glance this seems to tie the user's hands a little, but a\n<strong>Restricted shell<\/strong> used on its own is practically useless. 
All the user has to do is run <code>bash<\/code> once more to be completely free of the restrictions.\nThe following example shows it:<\/p>\n<pre><code>user@host:~$ rbash\nuser@host:~$ cd \/\nrbash: cd: restricted\nuser@host:~$ bash\nuser@host:~$ cd \/\nuser@host:\/$\n<\/code><\/pre>\n<p>So, to put the\n<strong>Restricted shell<\/strong> to good use, a few more steps are needed.<\/p>\n<ol>\n<li>First, edit <code>\/etc\/passwd<\/code> and change the user's shell to <code>\/etc\/rbash<\/code>, so that the user is already in <strong>Restricted mode<\/strong> at login.<\/li>\n<li><p>In the user's home directory, create a directory named <code>program<\/code>.<\/p><\/li>\n<li><p>Next, edit the user's <code>~\/.bashrc<\/code> and append <code>export PATH=${HOME}\/program<\/code> at the end. This forces <code>PATH<\/code> to resolve only to the <code>~\/program<\/code> directory.<\/p><\/li>\n<li>Finally, copy the programs the user is allowed to run into the <code>program<\/code> directory.<\/li>\n<\/ol>\n<p>That is all.\n\nWhen the user logs in, they are already in\n<strong>Restricted mode<\/strong>, and <strong>PATH<\/strong> cannot be modified, so almost no commands can be run; even <code>ls<\/code> will not run. Heh, pretty pitiful. 
Only the programs in the <code>program<\/code> directory can be used, and the user cannot even see which programs that directory contains. Truly miserable..\n\nReferences:\n\n<\/p>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,58,89,12],"tags":[104,105],"class_list":["post-474","post","type-post","status-publish","format-standard","hentry","category-linux","category-security","category-shell-script","category-12","tag-restricted-shell","tag-security"],"_links":{"self":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts\/474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/comments?post=474"}],"version-history":[{"count":6,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts\/474\/revisions"}],"predecessor-version":[{"id":480,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/posts\/474\/revisions\/480"}],"wp:attachment":[{"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/media?parent=474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/categories?post=474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.haostudio.net\/hwp\/wp-json\/wp\/v2\/tags?post=474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}