Web Hosting Talk

View Full Version : which shell for users/customers


greenalien
04-07-2002, 08:17 PM
I've spent the afternoon in trying to understand the differences between the different shells on unix servers but I'm still unsure. Which shell is the best (in terms of security) for the users of my servers? bash? sh?

thanks

Shyne
04-08-2002, 12:12 AM
sh is old. bash is the most used one.

Starhost
04-08-2002, 05:38 AM
I use bash. And for my root and other own accounts csh

ToastyX
04-08-2002, 05:49 AM
I don't think any is more secure than any other. Most people use bash since it's the default shell in many distributions. sh is usually a symbolic link to bash on many distributions. The others that I know of are ash, csh, ksh, and tcsh.

cyrusTvirus
04-08-2002, 06:31 AM
Giving the users shell access is a risk..... we do not grant any users shell access....

priyadi
04-08-2002, 07:02 AM
Most people are more familiar with bash. So I guess bash is a good default shell. On most systems users can change their shells by themselves. On Linux the command is chsh.

Starhost
04-08-2002, 10:02 AM
I agree,

don't give all users shell access. That way you have more risks being hacked and so on! So be very very careful!

DaHOST
04-08-2002, 12:10 PM
I would go with "bash". However everyone does bring up a good point. When you grant shell access you open a whole new door when it comes to security.

jstout
04-08-2002, 12:23 PM
Most newbie users will want bash. Bash does have a larger memory footprint and will use more resources though.

Ahmad
04-08-2002, 12:52 PM
There are really no differences between shells in terms of security. Shells are just normal programs and they inherit their security properties from the login program.

Shell access can be very useful to the users. I don't see why it can cause any security problems. SSH is actually more secure than FTP. If somebody gets the FTP password to a user's account, he can delete the user's files, edit them, read them, get any MySQL passwords from them, run CGI or PHP files on the server, etc.

billyjoe
04-08-2002, 01:23 PM
There are frequently security problems found in programs that require shell access to attempt to exploit. Unless you are really vigilant about keeping up to date on patches you may be asking for trouble. The other problem with giving shell access is the user has the potential to cause problems for other users if you haven't taken precautions. Users really need a quota set on processor time if they're able to get a shell. Otherwise you may have one user using up all the available processor and/or memory. Ahhhh, nothing like having a user open up a 1 gigabyte log file using PICO : )
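
The processor-time quota mentioned in the post above, shown with the shell's own `ulimit` builtin (an added example, not part of the original thread). The helper names `run_limited` and `explain_status` are hypothetical, the workload is constructed, and the signal numbers assume Linux.

```shell
#!/bin/bash
# Added example: cap CPU time and memory for one command, the same kind of
# limit a login shell inherits when the administrator sets it system-wide.

# run_limited CPU_SECONDS VMEM_KIB COMMAND [ARGS...]   (hypothetical helper)
run_limited() {
    local cpu="$1" vmem="$2"
    shift 2
    (
        # The subshell keeps the limits away from the calling shell.
        ulimit -t "$cpu"     # CPU seconds (soft and hard limit together)
        ulimit -v "$vmem"    # virtual memory in KiB
        exec "$@"
    )
}

# Translate the exit status of a limited command into a readable verdict.
# 128+9 and 128+24 are SIGKILL and SIGXCPU on Linux (assumption).
explain_status() {
    case "$1" in
        0)   echo "finished within limits" ;;
        137) echo "stopped by SIGKILL at the hard limit" ;;
        152) echo "stopped by SIGXCPU at the CPU limit" ;;
        *)   echo "exited with status $1" ;;
    esac
}

# Constructed workload: a loop that never yields the processor.
runaway='while :; do :; done'

demo() {
    local status=0
    # 1 CPU second, 256 MiB of address space.
    run_limited 1 262144 sh -c "$runaway" 2>/dev/null || status=$?
    explain_status "$status"
}

demo
```

Because the limits are set in a subshell, the administrator's own session is unaffected; for real accounts the same values would be applied at login rather than per command.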

stlouislouis
04-08-2002, 01:34 PM
From billyjoe:


****************
Ahhhh, nothing like having a user open up a 1 gigabyte log file using PICO : )
*******************************

Good one! LOL Imagine a user doing that with 256 to 512 MB of memory! I'm sure all the other users would be sooooo happy....not!

Take care,

Louis

Starhost
04-08-2002, 02:15 PM
Originally posted by billyjoe
There are frequently security problems found in programs that require shell access to attempt to exploit. Unless you are really vigilant about keeping up to date on patches you may be asking for trouble. The other problem with giving shell access is the user has the potential to cause problems for other users if you haven't taken precautions. Users really need a quota set on processor time if they're able to get a shell. Otherwise you may have one user using up all the available processor and/or memory. Ahhhh, nothing like having a user open up a 1 gigabyte log file using PICO : )

Speaking out of experience? ;)

Shyne
04-08-2002, 02:39 PM
You shouldn't be really using csh or ksh, unless you want to explore its options. Just executing "top" and "pico" commands is nothing big.

ToastyX
04-08-2002, 03:08 PM
I don't understand why so many people say that giving out shell access is dangerous. It's not like DOS where you have access to everything, unless you're root. CGI access is just as "dangerous" as shell access. Heck, CGI can be used to gain shell access.

billyjoe
04-08-2002, 03:10 PM
<<<<< Speaking out of experience? >>>>>


Hehe, yeah. Basically it boils down to the need to be able to trust your users completely, and you can't usually do that.

Smirks
04-08-2002, 03:13 PM
How about requiring some sort of ID before giving the user shell access? If a user wants a shell say "Ok, but before I do that I need you to fax me a copy of your driver's license or other type of ID (passport, Visa, greencard, etc)". That way you'll weed out the bad seeds and the people who really do need it won't have a problem faxing or mailing you that info.

bitserve
04-08-2002, 09:12 PM
I agree with toastyx. Giving shell access is no less secure than giving your user CGI access. The only thing it does is enable them to use programs that require a tty.

There is generally no need for your users to be running those types of programs to publish a web site or use email. Therefore, you are opening yourself up more to an abuse of service type of problem than a security problem.

Of course, if you're not giving your users CGI access, then there is a big difference whether you give them shell access or not.

We make it easier to micromanage our shell users by only having one shell available to them, bash.

bacid
04-08-2002, 09:53 PM
If you are going to give your users a shell, at LEAST set up "jail"

priyadi
04-08-2002, 10:23 PM
Originally posted by bacid
If you are going to give your users a shell, at LEAST set up "jail"

Jail is not always possible or practical. It requires various files and programs to be copied inside each jail, and therefore wastes a lot of resources.

bitserve
04-09-2002, 07:03 PM
Originally posted by bacid
If you are going to give your users a shell, at LEAST set up "jail"

Again, unless you are also going to "jail" their CGI access, this will not improve your security. Also, jails are not inescapable.