restricted shell sought

James Cameron jc at raven.bu.edu
Fri Apr 26 03:59:41 AEST 1991


>>>>> On 25 Apr 91 04:03:44 GMT, jmason at gpu.utcs.utoronto.ca (Jamie Mason) said:

JM> In article <29183 at fs1.NISC.SRI.COM> cwilson at NISC.SRI.COM (Chan Wilson [Animal]) writes:
>I would have thought this would have been covered long since, but I
>haven't been able to find any mention of any type of restricted shell
>for non-SYSV machines.  Basically what I'm looking for is a shell that
>will only allow the user to access a specific subset of commands, and
>not progress upwards beyond a certain point in the directory tree.

JM> Flame: ON

JM> 	First of all, I have *used* one of those.  They are real slimy
JM> and annoying for the users.  Second, they are a pain for the
JM> administrators, since there are too many possible ways out via holes in
JM> programs which the user is permitted to run.

[...deleted rest of message about the evils of a restricted shell...]

JM> Flame: OFF

JM> 	Sorry if there was a little too much flame in there.  I was
JM> subjected to just such a restricted shell in the past, and it left a
JM> permanent scar.  :-)

JM> Jamie  ...  Segmentation fault (core dumped)
JM> Written On  Thursday, April 25, 1991  at  12:02:47am EDT

Well, this is definitely sometimes necessary.  Take the following example:

We have two full disks containing only data for our lab.  We need
to allow read access to this data, but nothing else. We don't have 
the disk space to simply copy the data over to the ftp files.  So,
basically, restricted shells *are* needed for special cases.  Maybe
I am forgetting something, but I don't think so.  *8-)

jc

ps.  Thanks again Jamie for the help!!
--
					-- James Cameron  (jc at raven.bu.edu)

Signal Processing and Interpretation Lab.  Boston, Mass  (617) 353-2879
------------------------------------------------------------------------------
"But to risk we must, for the greatest hazard in life is to risk nothing.  For
the man or woman who risks nothing, has nothing, does nothing, is nothing."
	(Quote from the eulogy for the late Christa McAuliffe.)


