Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!oliveb!intelca!mipos3!pinkas From: pinkas@hobbit.intel.com (Israel Pinkas ~) Newsgroups: comp.unix.wizards Subject: Re: Restricted shell (was Re: rsh environment) Message-ID: Date: 3 Jan 89 17:15:37 GMT References: <1276@uwbull.uwbln.UUCP> <14640@cisunx.UUCP> <901@philmds.UUCP> <278@dcs.UUCP> <425@aurora.auvax.uucp> <8636@alice.UUCP> Sender: news@mipos3.intel.com Organization: Corporate CAD, INTeL Corporation, Santa Clara, CA Lines: 48 In-reply-to: debra@alice.UUCP's message of 30 Dec 88 16:31:11 GMT In article <8636@alice.UUCP> debra@alice.UUCP (Paul De Bra) writes: > In article <425@aurora.auvax.uucp> lyndon@auvax.UUCP (Lyndon Nerenberg) writes: > }In article <278@dcs.UUCP> wnp@dcs.UUCP (Wolf N. Paul) writes: > }>Some notes: sh and rsh are links to the same binary, with "sh -r" being > }>equivalent to an invocation of rsh. "set -r" after the shell has started > }>also has the same effect, as Leo's demo showed. The manual further points out > }>that shell scripts are executed using standard sh, thus the restriction can > }>probably be gotten around. > Hold it! The restricted shell is intended to be used together with a small > set of programs, put in a special directory, and with a $PATH that only > goes through that directory. I think there is a problem here. There are two programs named rsh, who do do very different things. In the SysV environment, rsh is the restricted version of the Bourne Shell, which is a link to sh. Upon startup, the -r flag is set. This program and the flag are not available in the BSD versions of sh that I checked (Ultrix and SunOS). In the BSD environment, rsh is the remote shell, a companion of rlogin and rcp. SysV machines that have these commands often call this program rcmd, for remote command. I believe that the original question was how to pass portions of the environment when executing a remote shell. In this context, I believe that the BSD version of the program is what we should be talking about. I have aliases that do this. They all execute a command such as: rsh mach "setenv FOO foo; setenv BAR bar; cmd1; cmd2" Hope this helps. -Israel -- -------------------------------------- Disclaimer: The above are my personal opinions, and in no way represent the opinions of Intel Corporation. In no way should the above be taken to be a statement of Intel. UUCP: {amdcad,decwrl,hplabs,oliveb,pur-ee,qantel}!intelca!mipos3!cad001!pinkas ARPA: pinkas%cad001.intel.com@relay.cs.net CSNET: pinkas@cad001.intel.com