Re: Disable executing external commands from psql?

Ken Tanzer wrote:
> Hi.  I'm wondering if it is possible to disable use of  \! to execute
> commands in psql?  I see this has come up on the list before
> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
> don't see anyone saying whether it is possible or not, just that it's a
> bad or useless idea.
>
> It may or may not be a bad idea (e.g., carry some risk).  My scenario is
> that I'd like to give people that I don't necessarily know (or therefore
> trust) the ability to run psql for a database I've already set up for
> them.  I set their login shell to psql, so they can simply ssh in, and
> they are in psql.  From there, though, they can do a simple \!
> /bin/bash, and they've got way more access than I want them to.
>
> So is there any way to disable the "\!" stuff?  If there's a better way
> to go about this, I suppose I'm all ears too!

Sure use SHELL=/usr/bin/false:

    $ SHELL=/usr/bin/false psql
    psql (9.0beta1)
    Type "help" for help.

    postgres=> \!
    postgres=>

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + None of us is going to be here forever. +