Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!sun-barr!texsun!texbell!uhnix1!moray!siswat!buck
From: buck@siswat.UUCP (A. Lester Buck)
Newsgroups: comp.unix.questions
Subject: Re: Restricted Shell - does it still exist.
Message-ID: <443@siswat.UUCP>
Date: 21 Aug 89 03:46:20 GMT
References: <20623@adm.BRL.MIL> <323@galadriel.bt.co.uk>
Organization: Photon Graphics,  Houston
Lines: 20

In article <323@galadriel.bt.co.uk>, pcf@galadriel.bt.co.uk (Pete French) writes:
< The restricted shell was exactly the same as the original shell - execpt it was
< invoked with the name "rsh". /bin/rsh was a link to /bin/sh. On a SUn (or
< any ethernet box indeed) this is a problem since rsh already exists.
< 
< The restricted shell can, luckily, still be run. You just invoke it with
< a '-r' option. So put in your users .profile ...
< 
< exec sh -r
< 
< And he will have a restricted shell.

/bin/rsh enforces its restrictions after the .profile is executed, and any
BREAK or DELETE actions by the user during .profile processing result in his
being logged off.  A persistent rsh user could break out of this scheme
without much trouble by leaning on his interrupt key.


-- 
A. Lester Buck		...!texbell!moray!siswat!buck