5

I'm looking to run a Java program (compiled class > .jar file) as my Unix shell. Basically, I don't want sh or bash to be involved, as then users could shell out/suspend out of my Java program and access the unix shell.

Is this possible?

Do I need to use jail/chroot?

Is it as simple as editing /etc/shells and putting the java -jar ... command in there?

Alternatively, if I must use sh/bash, can I auto-exit the shell when my java/vm expires or is unloaded (so nobody can escape the Java app into the bash/sh shell itself)?

2 Answers

2

Step one: Create a wrapper shell script /usr/bin/myjavashell:

#!/bin/sh
exec /usr/bin/java -jar /usr/local/whatever/file.jar

Step two: Make it executable: chmod +x /usr/bin/myjavashell

Step three: Add /usr/bin/myjavashell to /etc/shells.

Step four: Set this as the user's login shell with chsh -s /usr/bin/myjavashell youruser.

Optional step five: In /etc/ssh/sshd_config, disable any additional options you don't want the user to be able to use that don't require a shell, like TCP forwarding:

# sshd_config expects yes/no (or all/local/remote) here, not True/False
Match User youruser
    AllowTcpForwarding no

1 Comment

Thanks 'that other guy' - this is (a more comprehensive description) of what DwB said. Fortunately I've been working with Unix for ~20 years, so after DwB mentioned exec (never had come across that until now!) I could figure the rest out. For others though, and for reassurance, thank you for your detailed steps, I think this is what I will plan to do. I will still explore the PTY model, as a nifty other alternative (perhaps for future use).
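A check for steps one to four of the answer above, as an added example that is not part of the original answer: it confirms that the account's login shell is the wrapper, that the wrapper is listed in /etc/shells and executable, and that its last command is exec. The function name check_login_shell, the write-permission check, and the assumptions that accounts live in a local passwd file and that the login shell is a script are this example's own.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Usage: check_login_shell USER [PASSWD_FILE] [SHELLS_FILE]
# Returns 0 when every check passes, 1 otherwise; findings go to stdout.
# Assumes local accounts (passwd file) and a script wrapper as login shell.
check_login_shell() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    rc=0

    # Field 7 of a passwd entry is the login shell set by chsh.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd_file")
    if [ -z "$shell" ]; then
        echo "FAIL: no login shell recorded for $user"
        return 1
    fi
    echo "INFO: login shell for $user is $shell"

    # Step three: the wrapper must appear as its own line in /etc/shells.
    if grep -Fxq -- "$shell" "$shells_file"; then
        echo "OK:   listed in $shells_file"
    else
        echo "FAIL: not listed in $shells_file"; rc=1
    fi

    # Step two: the wrapper must exist and be executable.
    if [ ! -x "$shell" ]; then
        echo "FAIL: missing or not executable"
        return 1
    fi
    echo "OK:   executable"

    # Extra check (assumption of this example): a group- or world-writable
    # wrapper lets someone else replace the command that runs at login.
    if [ -n "$(find "$shell" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: writable by group or others"; rc=1
    fi

    # Step one: exec replaces sh with the JVM, so no shell process is left
    # in the session. Look at the last non-blank, non-comment line.
    last=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$shell" | tail -n 1)
    case $last in
        exec\ *) echo "OK:   wrapper hands over with exec" ;;
        *)       echo "FAIL: last command is not exec: $last"; rc=1 ;;
    esac
    return $rc
}
```

Run it as root after chsh, for example `check_login_shell youruser`; the optional file arguments exist so the check can be pointed at copies of the passwd and shells files.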
0

One potential solution I came up with is to make my Java app spawn a PTY and output to the PTY. Then redirect console (vga/serial/vnc/etc) to use my custom PTY. This way the interface is just my Java app's I/O and no bash/shell is ever involved. I think it could work. Need to research how to spawn a PTY and write/read to/from it of course, but I'm sure that is feasible.

Any other ideas?? Thanks!
