Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!spool.mu.edu!uunet!bu.edu!nntp-read!jc From: jc@raven.bu.edu (James Cameron) Newsgroups: comp.unix.shell Subject: Re: restricted shell sought Message-ID: Date: 25 Apr 91 17:59:41 GMT Article-I.D.: raven.JC.91Apr25135941 References: <29183@fs1.NISC.SRI.COM> <1991Apr25.040344.15655@gpu.utcs.utoronto.ca> Sender: news@bu.edu.bu.edu Distribution: comp Organization: What do you mean 'That *can't* be done????' Lines: 46 In-reply-to: jmason@gpu.utcs.utoronto.ca's message of 25 Apr 91 04:03:44 GMT >>>>> On 25 Apr 91 04:03:44 GMT, jmason@gpu.utcs.utoronto.ca (Jamie Mason) said: JM> In article <29183@fs1.NISC.SRI.COM> cwilson@NISC.SRI.COM (Chan Wilson [Animal]) writes: >I would have thought this would have been coved long since, but I >haven`t been able to find any mention of any type of restricted shell >for non-SYSV machines. Basically what i'm looking for is a shell that >will only allow the user to access a specific subset of commands, and >not progress upwards beyond a certain point in the directory tree. JM> Flame: ON JM> First of all, I have *used* one of those. They are real slimy JM> and annoying for the users. Second, they are a pain for the JM> administrators, since there are too many possible ways out via holes in JM> programs which the user is permitted to run. [...deleted rest of message about the evils of a restricted shell...] JM> Flame: OFF JM> Sorry if there was a little too much flame in there. I was JM> subjected to just such a restricted shell in the past, and it left a JM> permanent scar. :-) JM> Jamie ... Segmentation fault (core dumped) JM> Written On Thursday, April 25, 1991 at 12:02:47am EDT Well, this is definately sometimes necessary. Take the following example: We have two full disks containing only data for our lab. We need to allow read access to this data, but nothing else. We don't have the disk space to simply copy the data over to the ftp files. So, basically, restricted shells *are* needed for special cases. Maybe I am forgetting something, but I don't think so. *8-) jc ps. Thanks again Jamie for the help!! -- -- James Cameron (jc@raven.bu.edu) Signal Processing and Interpretation Lab. Boston, Mass (617) 353-2879 ------------------------------------------------------------------------------ "But to risk we must, for the greatest hazard in life is to risk nothing. For the man or woman who risks nothing, has nothing, does nothing, is nothing." (Quote from the eulogy for the late Christa McAuliffe.)