Path: utzoo!utgpu!watmath!clyde!att!osu-cis!killer!dcs!wnp
From: wnp@dcs.UUCP (Wolf N. Paul)
Newsgroups: comp.unix.wizards
Subject: Re: Restricted shell (was Re: rsh environment)
Keywords: no /etc/profile sourced?
Message-ID: <278@dcs.UUCP>
Date: 26 Dec 88 12:57:35 GMT
References: <1276@uwbull.uwbln.UUCP> <14640@cisunx.UUCP> <901@philmds.UUCP>
Reply-To: wnp@dcs.UUCP (Wolf N. Paul)
Organization: DCS, Dallas, Texas
Lines: 36

In article <901@philmds.UUCP> leo@philmds.UUCP (Leo de Wit) writes:
> (demo of restricted shell deleted)
>Restriction seems to imply both not to be able to change the working
>directory and execute only commands that are found using $PATH (they
>may not contain a slash).
>
>I'm interested both in what restriction means in System V, and whether
>there is any documentation about -r (set -r, sh -r) for the BSD /bin/sh.
>Furthermore I'm interested in hearing about its use (for what, and how).

The following is from the manual page for sh(1) under System V R.2:

-----beginning of quote
Rsh is used to set up login names and execution environments whose
capabilities are more controlled than those of the standard shell.
The actions of rsh are identical to sh, except that the following are
disallowed:

    changing directory
    setting the value of $PATH,
    specifying path or command names containing /,
    redirecting output (> and >>).

These restrictions are enforced after .profile is interpreted.

...

The net effect of these rules is that the writer of the .profile has
complete control over user actions, by performing guaranteed setup
actions and leaving the user in an appropriate directory (probably not
the login directory).
-----end of quote

Some notes:

sh and rsh are links to the same binary, with "sh -r" being equivalent to
an invocation of rsh. "set -r" after the shell has started also has
the same effect, as Leo's demo showed.

The manual further points out that shell scripts are executed using standard
sh, thus the restriction can probably be gotten around.
-- 
Wolf N. Paul * 3387 Sam Rayburn Run * Carrollton TX 75007 * (214) 306-9101
UUCP:   killer!dcs!wnp                 ESL: 62832882
DOMAIN: dcs!wnp@killer.dallas.tx.us    TLX: 910-380-0585 EES PLANO UD
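
The note above that shell scripts are executed by the standard sh gives the maintainer of an rsh account something concrete to check: which commands on the PATH set by .profile are scripts. The following is an added example, not part of the original post; the function names, directory layout and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Function and directory names are made up.

# write_profile HOME BINDIR WORKDIR: the setup the manual describes. PATH and
# the working directory are fixed here, before the rsh restrictions apply.
write_profile() {
    printf 'PATH=%s\nexport PATH\ncd %s\n' "$2" "$3" > "$1/.profile"
}

# is_script FILE: true if FILE starts with "#!" or holds no NUL byte at all
# (a text file without "#!" is still run as a shell script).
is_script() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    [ "$(head -c 2 "$1" | tr -d '\000')" = '#!' ] && return 0
    total=$(( $(wc -c < "$1") ))
    nonnul=$(( $(tr -d '\000' < "$1" | wc -c) ))
    [ "$total" -eq "$nonnul" ]
}

# audit_profile HOME: read PATH from HOME/.profile and print "SCRIPT <file>"
# for each executable script on it. Returns 1 if any script was found.
audit_profile() {
    path=$(sed -n 's/^PATH=//p' "$1/.profile" | tail -n 1)
    found=0
    old_ifs=$IFS; IFS=:
    for dir in $path; do
        for f in "$dir"/*; do
            if [ -x "$f" ] && is_script "$f"; then
                echo "SCRIPT $f"
                found=1
            fi
        done
    done
    IFS=$old_ifs
    return "$found"
}

# Constructed demo: one compiled stand-in and one script on the restricted PATH.
demo() {
    demo_dir=$(mktemp -d) && mkdir "$demo_dir/home" "$demo_dir/bin" "$demo_dir/work"
    printf '\177ELF\000\001' > "$demo_dir/bin/ls"
    printf 'echo menu\n' > "$demo_dir/bin/menu"
    chmod +x "$demo_dir/bin/ls" "$demo_dir/bin/menu"
    write_profile "$demo_dir/home" "$demo_dir/bin" "$demo_dir/work"
    audit_profile "$demo_dir/home"; rc=$?
    rm -rf "$demo_dir"
    return "$rc"
}
demo || echo "scripts listed above run under standard sh; review each one"
```

Each file reported is a command that runs without the rsh restrictions, so it needs the same review as the .profile itself.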