Ken Tanzer wrote:
> Hi. I'm wondering if it is possible to disable use of \! to execute
> commands in psql? I see this has come up on the list before
> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
> don't see anyone saying whether it is possible or not, just that it's a
> bad or useless idea.
>
> It may or may not be a bad idea (e.g., carry some risk). My scenario is
> that I'd like to give people that I don't necessarily know (or therefore
> trust) the ability to run psql for a database I've already set up for
> them. I set their login shell to psql, so they can simply ssh in, and
> they are in psql. From there, though, they can do a simple \!
> /bin/bash, and they've got way more access than I want them to.
>
> So is there any way to disable the "\!" stuff? If there's a better way
> to go about this, I suppose I'm all ears too!
Sure use SHELL=/usr/bin/false:
$ SHELL=/usr/bin/false psql
psql (9.0beta1)
Type "help" for help.
postgres=> \!
postgres=>
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ None of us is going to be here forever. +