Xref: utzoo comp.unix.questions:31646 comp.unix.shell:2250
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!mips!samsung!uunet!ora!jerry
From: jerry@ora.com (Jerry Peek)
Newsgroups: comp.unix.questions,comp.unix.shell
Subject: Re: Looking for a restricted shell.
Keywords: shell, restricted
Message-ID: <1991May25.052812.13198@ora.com>
Date: 25 May 91 05:28:12 GMT
References: <1991May23.033109.10724@DMI.USherb.CA>
Organization: O'Reilly and Associates Inc., Cambridge, MA
Lines: 22

In article <1991May23.033109.10724@DMI.USherb.CA> pineault@DMI.USherb.CA (Christian Pineault) writes:
> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
> using any armful commands.
> 
> This could be something like a command interpreter and a permission
> file containing a list of allowed (or disallowed) commands.

Look into /usr/lib/rsh (that's the location on SunOS 4.1.1, anyway).
It's a restricted version of /bin/sh that keeps users from doing
all kinds of things.  If you set the PATH in the .profile to a
directory with copies of the commands you want to allow (and/or
symbolic links to those commands), you're pretty safe.  The rsh
adds restrictions like:
	- not letting the user change the PATH
	- the 'cd' command doesn't work
	- the user can't type commands like /bin/foo (names with slashes)

Check the security section of your SunOS documentation set for an intro. 
Our new UNIX Security book covers the restricted shell -- so do other
security books like Kochan & Wood (? -- sorry, I don't have a copy handy).

--Jerry Peek, O'Reilly & Associates, jerry@ora.com