Newsgroups: comp.unix.shell Path: utzoo!utgpu!jmason From: jmason@gpu.utcs.utoronto.ca (Jamie Mason) Subject: Re: restricted shell sought Message-ID: <1991Apr25.040344.15655@gpu.utcs.utoronto.ca> Organization: University of Toronto Computer Science Undergraduate Student References: <29183@fs1.NISC.SRI.COM> Distribution: comp Date: Thu, 25 Apr 1991 04:03:44 GMT In article <29183@fs1.NISC.SRI.COM> cwilson@NISC.SRI.COM (Chan Wilson [Animal]) writes: >I would have thought this would have been coved long since, but I >haven`t been able to find any mention of any type of restricted shell >for non-SYSV machines. Basically what i'm looking for is a shell that >will only allow the user to access a specific subset of commands, and >not progress upwards beyond a certain point in the directory tree. Flame: ON First of all, I have *used* one of those. They are real slimy and annoying for the users. Second, they are a pain for the administrators, since there are too many possible ways out via holes in programs which the user is permitted to run. Second, if you still want to run a facist shell, the facist shell which I was subjected to in first year was called 'lsh' and is a homebrew hack of the Bourne shell done at the U of T. I may be able to figure out who around here you should contact to ask about it. But I recomend against the idea... It is a pain for users and administrastors alike. On top of that, it is not that hard to get what you want, using a regular shell, via proper use of groups and modes. And last, keep in mind that restrictive policy tends to set the users and administators at each others throats, whereas open policy tends to foster a friendly atmosphere where the restrictions turn out not to be necessary since happy users just DO what you ASK without being forced to. Flame: OFF Sorry if there was a little too much flame in there. I was subjected to just such a restricted shell in the past, and it left a permanent scar. :-) Jamie ... Segmentation fault (core dumped) Written On Thursday, April 25, 1991 at 12:02:47am EDT