Re: Disable executing external commands from psql?

>
> Sure use SHELL=/usr/bin/false:
>
> $ SHELL=/usr/bin/false psql
> psql (9.0beta1)
> Type "help" for help.
>
> postgres=> \!
> postgres=>
>
>

Trouble is, that doesn't stop

\! bash

On 06/01/2010 04:57 PM, Bruce Momjian wrote:
> Ken Tanzer wrote:
>
>> Hi. I'm wondering if it is possible to disable use of \! to execute
>> commands in psql? I see this has come up on the list before
>> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
>> don't see anyone saying whether it is possible or not, just that it's a
>> bad or useless idea.
>>
>> It may or may not be a bad idea (e.g., carry some risk). My scenario is
>> that I'd like to give people that I don't necessarily know (or therefore
>> trust) the ability to run psql for a database I've already set up for
>> them. I set their login shell to psql, so they can simply ssh in, and
>> they are in psql. From there, though, they can do a simple \!
>> /bin/bash, and they've got way more access than I want them to.
>>
>> So is there any way to disable the "\!" stuff? If there's a better way
>> to go about this, I suppose I'm all ears too!
>>
> Sure use SHELL=/usr/bin/false:
>
> $ SHELL=/usr/bin/false psql
> psql (9.0beta1)
> Type "help" for help.
>
> postgres=> \!
> postgres=>
>
>

--
-------------------------------------------------------
AGENCY Software
For nonprofits that want to take control of their data

Use it. Like it. Share it. Build it. Buy it.
http://agency-software.org
-------------------------------------------------------