Restricted User Shell
Additional configuration can be included to the main configuration
file using the
include statement (see Include). Before
inclusion, a number of checks is performed on the file to ensure it
is safe to rely on it. These checks are configured using the
Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:
Enable all checks.
The file is not owned by root.
The file is group writable.
The file is world writable.
The file resides in a group writable directory.
The file resides in a world writable directory.
The file is a symbolic link to a file residing in a group or world writable directory.
Each of the above keywords may be prefixed by ‘no’, which reverses its meaning. The special keyword ‘none’ disables all checks. Each keyword adds or removes a particular test to the existing check list, which is initialized as described in security checks. Thus, the following statement results in all checks, except for the file ownership:
global include-security noowner
In the example below, the check list is first cleared by using the
none statement, and then a set of checks is added to it:
global include-security none owner iwoth iwgrp
This document was generated on July 12, 2019 using makeinfo.Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.