From 0dccb303c09069ab3997a508f18d1e94f9332f90 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 14 Jan 2021 19:17:35 +0100
Subject: T671: re-add removed restricted-shell script

Commit ac2586bc ("T671: remove apparently unused scripts") dropped the
restricted-shell helper script which is not referenced by any other VyOS/Vyatta
shell script, but rather directly from C code [1].

Restore the file.

[1] https://github.com/vyos/libpam-radius-auth/blob/76ad405d374f70812/src/radius_shell.c#L125-L129
---
 scripts/restricted-shell | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100755 scripts/restricted-shell

(limited to 'scripts/restricted-shell')

diff --git a/scripts/restricted-shell b/scripts/restricted-shell
new file mode 100755
index 00000000..ffcbb53b
--- /dev/null
+++ b/scripts/restricted-shell
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ $# != 0 ]; then
+    echo "Remote command execution is not allowed for operator level users"
+    args=($@)
+    args_str=$(IFS=" " ; echo "${args[*]}")
+    logger "Operator level user $USER attempted remote command execution: $args_str" 
+    exit 1
+fi
+
+exec vbash
-- 
cgit v1.2.3