Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!rutgers!sunybcs!boulder!hao!oddjob!gargoyle!ihnp4!homxb!twitch!ho7cad!wjc
From: wjc@ho5cad.ATT.COM
Newsgroups: comp.sources.wanted
Subject: Re: Looking for a more restricted shell
Message-ID: <218@ho7cad.ATT.COM>
Date: Sun, 13-Sep-87 17:43:57 EDT
Article-I.D.: ho7cad.218
Posted: Sun Sep 13 17:43:57 1987
Date-Received: Tue, 15-Sep-87 03:45:55 EDT
References: <129@bcsfse.UUCP>
Sender: nuucp@ho7cad.ATT.COM
Lines: 22
In-reply-to: bill@bcsfse.UUCP's message of 2 Sep 87 21:57:03 GMT

Posting-Front-End: GNU Emacs 18.47.1 of Fri Jun 26 1987 on ho5cad (usg-unix-v)


In article <129@bcsfse.UUCP> bill@bcsfse.UUCP (Bill Sears) writes:
>	   We are designing a system and want to give the (ab)users the capability
>   of using the shell for certain tasks (e.g. editing personal files, reading
>   mail, etc.).  The problem is that the users have to have access to certain
>   ...
>   works).  What we are actually looking for is being able to let the users
>   do anything they want within their "home tree", so that they can create
>   and change directories, files, etc. in their own area, but can't go higher
>   than their home directory.  We are anticipating having to write a special

You didn't say,  so let me ask.   Did you consider using "chroot()" to
restrict the users to a particular subtree of the  file systems?  This
can be very attractive  if it still lets  you get done  everything you
otherwise want. 

May have been a slip of the keyboard, but did you really mean that you
want them to be able to "read mail, etc" but not "go higher than their
home directories?  Hmmm, a tough one.

	Bill Carpenter
	(AT&T gateways)!ho5cad!wjc
	HO 1L-410, (201)949-8392