2
I'm launching screen with the following command, inside a shell script that is set as a user's shell to keep them from escaping.
screen -dRRq -S ${USER}_MC -s $HOME/runthis.sh
Is there a way to secure screen, to keep the user from being able to even use the escape sequence, or at worst, prevent them from running commands like exec
?
Edit: It's not that the user should have access to an actual command-prompt shell. I only want them to be able to run a single program that runs persistently, and as far as I know screen is the easiest way to do that. However, getting out of this is as easy as C-a : exec bash
.
Right now I've just unbound most of the keys using .screenrc (especially colon), I just want to make sure I'm not missing something easier.
if the users must not run programs, why is it they need the shell? There is always a way around the shell exec. You could try to trap them on a noexec filesystem. – matthias krull – 2010-12-10T07:33:53.770
@mugen I don't want them to have a command prompt, I'm just setting the "shell" to my script so it runs on login. Being noexec would prevent them from starting the target application. – Jess – 2010-12-10T14:38:08.893