When a user logs in, the shell shows a permission denied message


Hi,
I tested the user shell under 2 conditions: (1) the user uses the bash shell and then
runs /usr/bin/pcksh; (2) modify /etc/passwd, changing the user's shell to
/usr/bin/pcksh.
But both show "permission denied" like below:
[Condition-1]
login as: wencheng
Using keyboard-interactive authentication.
Password:
Last login: Wed Nov 6 13:50:28 2013 from 192.168.0.78
wencheng@teDir:~> echo $SHELL
/bin/bash
wencheng@teDir:~> /usr/bin/pcksh
/usr/bin/pcksh: /etc/bash.bashrc[84]: Permission denied
wencheng@teDir:/home/wencheng> echo $SHELL
/bin/bash
wencheng@teDir:/home/wencheng>


[Condition-2]
login as: wencheng
Using keyboard-interactive authentication.
Password:
Last login: Wed Nov 6 13:54:06 2013 from 192.168.0.153
pcksh: /etc/profile[122]: Permission denied
pcksh: /etc/profile[241]: Permission denied
pcksh: /etc/profile.d/xdg-environment.sh[34]: Permission denied
pcksh: /etc/profile.d/xdg-environment.sh[47]: Permission denied
$ echo $SHELL
/usr/bin/pcksh


Even though I get these permission messages, I could still perform commands which
are controlled by C.C.M.

Do I need to modify anything else? (I had added "set -o remote" to
/etc/profile.pcksh)

wyldkao



  • What do you have on lines 122 and 241 of /etc/profile, and on lines 34 and
    47 of /etc/profile.d/xdg-environment.sh on this system?



  • Don't modify users' shells to /usr/bin/pcksh. This is not a good practice.

    If you want to audit normal users, you can change their shells to
    /usr/bin/cpcksh then add a Rule to authorize it, as follows:

    Example:
    Begin Rule: cpcksh as login shell
    If ((command IN cpcksh shell login))
    Then
    Set Authorize: yes
    Set Session Capture: yes
    Stop if authorized
    End If
    End Rule: cpcksh as login shell
    And/or, if you want to give someone a privileged shell (pcksh) as root
    after they log in, they would need to run 'usrun -u root pcksh' and you'd
    need to create a rule as follows:

    Example:
    Begin Rule: pcksh as root
    If (command IN pcksh AND (user IN Security Admins))
    Then
    Set Authorize: yes
    Set Session Capture: yes
    Set runUser = "root"
    Stop if authorized
    End If
    End Rule: pcksh as root


    Finally the 'set -o remote' discussion is on another thread. I have
    explained it there.
    -Brett


    --
    deni
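
The advice in the reply above (do not set /usr/bin/pcksh as a login shell; use /usr/bin/cpcksh for audited users) can be checked on a host by auditing the passwd file. This is an added example, not part of the original thread or of the product; the function names are hypothetical and the sample entries are constructed (wencheng mirrors Condition-2 in the question).

```shell
#!/bin/sh
# Added example: report accounts whose login shell is pcksh or cpcksh.
# Shell paths are the ones named in this thread; function names are hypothetical.

# Constructed sample in passwd(5) format (wencheng mirrors Condition-2 above).
sample_passwd() {
    cat <<'EOF'
# constructed sample data
root:x:0:0:root:/root:/bin/bash
wencheng:x:1000:100:constructed:/home/wencheng:/usr/bin/pcksh
alice:x:1001:100:constructed:/home/alice:/usr/bin/cpcksh
bob:x:1002:100:constructed:/home/bob:/bin/bash
broken:entry
EOF
}

# audit_login_shells FILE   (FILE defaults to /etc/passwd; "-" reads stdin)
# Prints one line per finding:
#   FLAG      login shell is pcksh (advised against in the reply above)
#   AUDITED   login shell is cpcksh (still needs an authorizing rule)
#   MALFORMED line does not have the 7 colon-separated passwd fields
audit_login_shells() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 7 { printf "MALFORMED line=%d\n", NR; next }
        $7 == "/usr/bin/pcksh"  { printf "FLAG %s uid=%s\n", $1, $3; next }
        $7 == "/usr/bin/cpcksh" { printf "AUDITED %s uid=%s\n", $1, $3; next }
    ' "${1:-/etc/passwd}"
}

# Demo on the constructed sample; call audit_login_shells with no argument on a real host.
sample_passwd | audit_login_shells -
```

Accounts reported as FLAG are the ones to move to /usr/bin/cpcksh (or back to a normal shell with 'usrun -u root pcksh' for privileged use), as described in the reply.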