Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!cornell!rochester!rocksanne!entire!elt
From: elt@entire.UUCP (Edward L. Taychert)
Newsgroups: comp.unix.xenix
Subject: Re: Security
Summary: make an /rbin?
Keywords: Security
Message-ID: <3250@entire.UUCP>
Date: 29 Aug 88 13:13:38 GMT
References: <4@raider.UUCP> <288@hawkmoon.MN.ORG>
Organization: Entire Inc, East Rochester, NY
Lines: 27

In article <4@raider.UUCP>, root@raider.UUCP (Bob Reineri) writes:
> They can use shell commands from within either vnews or vi and do anything
> their heart desires (within normal system security, of course). Well, this
> just won't work ! I know there is a 'red' editor, but I hate to confine them
> to that.
> --

I created an /rbin for my guest users and only included (link'ed) in
those commands I wanted them to use. I was particularly concerned about
the escape in mail.

Anyway, by denying them write access to their profiles and limiting
their paths to rbin, I think I've implemented fair security. (To the best
of my knowledge, no one's broken it... but don't keep anything sensitive
on the system.)

The only shell I keep in /rbin is rsh. It seems that I don't allow guest
users to do very much, but it's enough to implement a bbs like system.

I believe I tried out VI and it was secure this way, but I don't give them
VI because it's so complicated... I have a stripped down micro-emacs
I provide.

--
____________________________________________________________________________
Ed Taychert                     Phone: USA (716) 381-7500
Entire Inc.                     UUCP: rochester!rocksanne!entire!elt
445 E. Commercial Street
East Rochester, N.Y. 14445
_____________________________________________________________________________
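
Added example, not part of the original post and not the poster's own setup: a small audit of the three properties described above (rsh as the only shell in the restricted bin directory, a PATH confined to that directory, a profile the guest cannot rewrite). The function name, the guest account name and the temporary sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# audit_guest_env RBIN PROFILE GUEST_PATH GUEST_USER
# Prints one line per finding; the exit status is the number of findings.
audit_guest_env() {
    rbin=$1 profile=$2 guest_path=$3 guest=$4 findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # 1. rsh (the restricted shell the post names) is the only shell allowed.
    for f in "$rbin"/*; do
        case ${f##*/} in
            sh|csh|ksh|tcsh|bash|zsh|ash|dash) flag "unrestricted shell in $rbin: ${f##*/}" ;;
        esac
    done

    # 2. Every PATH component must be RBIN; an empty component means the
    #    current directory and is flagged too.
    case ":$guest_path:" in *::*) flag "empty PATH component" ;; esac
    old_ifs=$IFS; IFS=:; set -f
    for dir in $guest_path; do
        [ -z "$dir" ] || [ "$dir" = "$rbin" ] || flag "PATH leaves $rbin: $dir"
    done
    IFS=$old_ifs; set +f

    # 3. The guest must not be able to rewrite the profile that sets PATH.
    perms=$(ls -ld "$profile" | awk '{print $1, $3}')   # e.g. "-rw-r--r-- root"
    case $perms in ?????w*|????????w*) flag "$profile is group/world writable" ;; esac
    case $perms in ??w*" $guest") flag "$profile is owned and writable by $guest" ;; esac
    return "$findings"
}

# Constructed sample tree (not the poster's system): one stray shell,
# one extra PATH entry, one world-writable profile.
demo=$(mktemp -d)
mkdir "$demo/rbin" "$demo/home"
for cmd in rsh mail ls sh; do : > "$demo/rbin/$cmd"; done
echo "PATH=$demo/rbin" > "$demo/home/.profile"
chmod 666 "$demo/home/.profile"
audit_guest_env "$demo/rbin" "$demo/home/.profile" "$demo/rbin:/bin" guest ||
    echo "$? finding(s)"
rm -rf "$demo"
```

The checks look at names and permission bits only; whether a linked-in program such as mail offers its own shell escape still has to be tested by hand, as the post describes.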