restricted shell sought
Jamie Mason
jmason at gpu.utcs.utoronto.ca
Thu Apr 25 14:03:44 AEST 1991
In article <29183 at fs1.NISC.SRI.COM> cwilson at NISC.SRI.COM (Chan Wilson [Animal]) writes:
>I would have thought this would have been coved long since, but I
>haven`t been able to find any mention of any type of restricted shell
>for non-SYSV machines. Basically what i'm looking for is a shell that
>will only allow the user to access a specific subset of commands, and
>not progress upwards beyond a certain point in the directory tree.
Flame: ON
First of all, I have *used* one of those. They are real slimy
and annoying for the users. Second, they are a pain for the
administrators, since there are too many possible ways out via holes in
programs which the user is permitted to run.
Second, if you still want to run a facist shell, the facist shell
which I was subjected to in first year was called 'lsh' and is a homebrew
hack of the Bourne shell done at the U of T. I may be able to figure out
who around here you should contact to ask about it.
But I recomend against the idea... It is a pain for users and
administrastors alike. On top of that, it is not that hard to get what
you want, using a regular shell, via proper use of groups and modes.
And last, keep in mind that restrictive policy tends to set the
users and administators at each others throats, whereas open policy tends
to foster a friendly atmosphere where the restrictions turn out not to be
necessary since happy users just DO what you ASK without being forced to.
Flame: OFF
Sorry if there was a little too much flame in there. I was
subjected to just such a restricted shell in the past, and it left a
permanent scar. :-)
Jamie ... Segmentation fault (core dumped)
Written On Thursday, April 25, 1991 at 12:02:47am EDT
More information about the Comp.unix.shell
mailing list