Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!oodis01!uplherc!sp7040!obie!wes
From: wes@obie.UUCP (Barnacle Wes)
Newsgroups: comp.unix.aux
Subject: Re: Toolbox functions from non-console terminals
Summary: A few suggestions...
Message-ID: <111@obie.UUCP>
Date: 26 Jul 88 00:44:20 GMT
References: <4230@saturn.ucsc.edu>
Distribution: na
Organization: the Well of Souls
Lines: 31

In article <4230@saturn.ucsc.edu>, matthew@ucscb.UCSC.EDU (73550000) writes:
> Unfortunately, toolbox-based programs are runnable by anyone who is
> logged in.  This can cause problems if I am trying to use the Mac
> monitor/keyboard as the console terminal.  If some other user runs
> /usr/toolboxbin/term,... I get a terminal window for THEIR account on
> MY screen.

Actually, there are several things you can do.  The easiest is to make
sure none of the accounts other than yours have /usr/toolboxbin in
their path.  Any experienced Unix user can get around this pretty
easily, but if your users aren't Unix people, it will suffice for a
while.

Another trick is to make the tools in /usr/toolboxbin part of a special
group, say `toolbox'.  Then chmod all the executables there to be owner
and group execute, and no world privileges.  Then add yourself and
nobody else to the group `toolbox' (in the file /etc/group).  Then when
you want to run a toolbox program, just type `chgrp toolbox' before
typing the command to run the program.  This scheme is much more secure
than the first suggestion.

Some other areas you might want to look at include the restricted shell
`rsh' & restricted editor `red', and the `chroot' call for user
accounts.  Use of these would be pretty extreme, and would be used
primarily where you have a hostile user environment, like a BBS with a
lot of nasty hacking going on :-).

	Wes Peters
-- 
{hpda, uwmcsd1}!sp7040!obie!wes

"Happiness lies in being privileged to work hard for long hours in
doing whatever you think is worth doing." -- Robert A. Heinlein
--
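
The group-restriction scheme described in the post above, as an added example that is not part of the original article: one function applies it to a directory, one audits the result, and one lists who a group file admits. The function names are hypothetical, mode 750 is an assumed reading of "owner and group execute, and no world privileges", and the directory, group name and group-file path are all supplied by the caller.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not from the post.

# Apply the scheme to every regular file under DIR: group ownership GRP,
# mode 750 (assumed: rwx for owner, r-x for group, nothing for other).
restrict_to_group() {
    dir=$1 grp=$2
    find "$dir" -type f -exec chgrp "$grp" {} + &&
    find "$dir" -type f -exec chmod 750 {} +
}

# Audit: print regular files under DIR that still grant any permission
# bit to "other" or that are not owned by group GRP.
# Empty output means the directory matches the scheme.
audit_group_only() {
    dir=$1 grp=$2
    find "$dir" -type f \
        \( -perm -001 -o -perm -002 -o -perm -004 -o ! -group "$grp" \) \
        -print | sort
}

# List the supplementary members of GRP from a group file in the
# name:password:gid:user1,user2 format used by /etc/group.
# Caveat: accounts whose primary gid in /etc/passwd is this group are
# members as well, even though field 4 does not list them.
group_members() {
    file=$1 grp=$2
    awk -F: -v g="$grp" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }
    ' "$file"
}
```

Run the audit after any software update that reinstalls the directory, since reinstalled files commonly come back with world-execute permission.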