Xref: utzoo comp.unix.xenix:10229 comp.unix.i386:3096
Path: utzoo!attcan!uunet!virtech!cpcahil
From: cpcahil@virtech.uucp (Conor P. Cahill)
Newsgroups: comp.unix.xenix,comp.unix.i386
Subject: Re: Using UUCP under a BBS system???
Message-ID: <1990Feb20.191019.9391@virtech.uucp>
Date: 20 Feb 90 19:10:19 GMT
References: <2959@murtoa.cs.mu.oz.au> <511182@nstar.UUCP> <237@elrond.locus.com> <1990Feb13.214855.4265@ddsw1.MCS.COM> <.OV1S=Axds13@ficc.uu.net>
Reply-To: cpcahil@virtech.UUCP (Conor P. Cahill)
Organization: Virtual Technologies Inc., Sterling VA
Lines: 21

In article <.OV1S=Axds13@ficc.uu.net> morrison@ficc.uu.net (Brad Morrison) writes:
>What about having a wrapper around the real shells that only execs the
>real one if the user id is below some threshold? Then give your restricted
>users IDs above the threshold.

Because all that would need to happen is that the users find out what the
name of the real shell is.

Of course, a better solution would be to place the shell into a different
group and set the modes to 0750. Then you could set up the group of the
incoming users so that only those within said group can run the applicable
program. However, this could cause lots of problems when the user tries to
execute a function/program that depends upon the shell being available for
non-interactive work (such as getcwd() on a System V system), then these
functions would fail inexplicably.

The best answer is still a chrooted environment or a much better controlled
environment.

--
+-----------------------------------------------------------------------+
| Conor P. Cahill uunet!virtech!cpcahil 703-430-9247 !
| Virtual Technologies Inc., P. O. Box 876, Sterling, VA 22170 |
+-----------------------------------------------------------------------+
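
Added example, not part of the original post: a shell check for the condition the reply describes (a wrapper gives no protection while the real shell stays executable by "other"), followed by the group/0750 change it suggests. The file `real_sh`, the temporary directory and the optional group argument are constructed stand-ins, not real system paths.

```shell
#!/bin/sh
# Constructed demo: works on a throwaway copy, never on a real /bin/sh.

# Return 0 if users outside the owner and group may execute FILE.
# While this is true, a UID-checking wrapper can simply be skipped
# by running the real shell by name.
world_executable() {
    perms=$(ls -ld "$1" | cut -c1-10)    # e.g. -rwxr-xr-x
    case "$perms" in
        ?????????[xt]) return 0 ;;       # 10th char is the "other" execute bit
        *)             return 1 ;;
    esac
}

# The change suggested in the post: put the shell in a dedicated group
# and set mode 0750. GROUP is optional here because the demo cannot
# assume any particular group exists (assumption of this example).
restrict_shell() {                       # usage: restrict_shell FILE [GROUP]
    if [ -n "$2" ]; then
        chgrp "$2" "$1" || return 1
    fi
    chmod 0750 "$1"
}

# Report the state of a stand-in shell before and after the change.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho real shell\n' > "$dir/real_sh"
    chmod 0755 "$dir/real_sh"            # typical mode: anyone may run it

    before=bypassable
    world_executable "$dir/real_sh" || before=restricted

    restrict_shell "$dir/real_sh"

    after=bypassable
    world_executable "$dir/real_sh" || after=restricted

    rm -rf "$dir"
    echo "$before -> $after"
}

demo
```

Before applying this to a real shell, check for programs that invoke it non-interactively, since the post notes those calls will start failing for users outside the group.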