home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!wupost!waikato.ac.nz!aukuni.ac.nz!kcbbs!nacjack!codewks!system
- Newsgroups: comp.bbs.waffle
- Subject: Re: Priv-problem
- Message-ID: <BasquB1w165w@codewks.nacjack.gen.nz>
- From: system@codewks.nacjack.gen.nz (Wayne McDougall)
- Date: Mon, 23 Nov 92 23:54:58 NZST
- References: <By50My.IGu@cs.psu.edu>
- Organization: The Code Works Limited, PO Box 10 155, Auckland, New Zealand
- Lines: 39
-
- fenner@snobol.cs.psu.edu (Bill Fenner) writes:
-
- > In article <1992Nov22.153343.354@et.tudelft.nl> mvdl@et.tudelft.nl writes:
- > |How can I have a user have the priv's to read system-mail (with SYS) but let
- > |him be unable to shell to dos ?
- >
- > Change sysmail() in mail.c to require a lower priv level. If you don't have
- > sources, you can't do it; right now, sysmail() requires priv=9.
- >
-
- Here's how to do it if you don't have the source command.
- 1. Remove the "shell" line from _system in the extern directory.
- 2. Add a file, say, TODOS to the extern directory, consisting of the
- following:
- /access=9 /command="c:\dos\%R" /shell
- 3. For those people you want to have acess to DOS, set the COMMENT in
- their user profile to COMMAND, and for anyone else a non-DOS command.
-
- Voila.
-
- I know this is a kludge, but it works. Note that it would be nicer to
- include /exclude based on the GROUP markers, but access level 9 seems
- to be immune to group restrictions.
-
- Note that there are obvious variations on the above theme. For better
- security, you could have TODOS run an external program that asked for a
- password, and only shelled out on the correct one.
-
- The above solutions relies on ignorance of the non-members, but it
- would be easy enough to increase the crypticity.
-
- Regards
-
-
- --
- Wayne McDougall, BCNU
- This .sig unintentionally left blank.
-
- Hello! I'm a .SIG Virus. Copy me and spread the fun.
-
