| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Disable executing external commands from psql? |
| Date: | 2010-06-01 23:57:39 |
| Message-ID: | 201006012357.o51Nvd606212@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ken Tanzer wrote:
> Hi. I'm wondering if it is possible to disable use of \! to execute
> commands in psql? I see this has come up on the list before
> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php) but I
> don't see anyone saying whether it is possible or not, just that it's a
> bad or useless idea.
>
> It may or may not be a bad idea (e.g., carry some risk). My scenario is
> that I'd like to give people that I don't necessarily know (or therefore
> trust) the ability to run psql for a database I've already set up for
> them. I set their login shell to psql, so they can simply ssh in, and
> they are in psql. From there, though, they can do a simple \!
> /bin/bash, and they've got way more access than I want them to.
>
> So is there any way to disable the "\!" stuff? If there's a better way
> to go about this, I suppose I'm all ears too!
Sure use SHELL=/usr/bin/false:
$ SHELL=/usr/bin/false psql
psql (9.0beta1)
Type "help" for help.
postgres=> \!
postgres=>
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ None of us is going to be here forever. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ken Tanzer | 2010-06-02 00:02:10 | Re: Disable executing external commands from psql? |
| Previous Message | Tom Lane | 2010-06-01 23:55:31 | Re: Disable executing external commands from psql? |