home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.unix.shell
- Path: sparky!uunet!europa.asd.contel.com!gatech!asuvax!ncar!csn!cherokee!uswmrg!engineer.mrg.uswest.com!chris
- From: chris@engineer.mrg.uswest.com (Chris Fedde)
- Subject: Re: How to make Restrict Shell more safely?
- Message-ID: <1993Jan4.131835.21436@uswmrg.mrg.uswest.com.mrg.uswest.com>
- Organization: USWEST Marketing Resources
- NntpPostingHost: engineer.mrg.uswest.com
- References: <cslee.225.726145569@pds.nchu.edu.tw>
- Date: 04 Jan 93 18:18:35 GMT
- Lines: 27
-
- In article <cslee.225.726145569@pds.nchu.edu.tw> cslee@pds.nchu.edu.tw (Lee Chee Siong) writes:
- >Hi,
- > I want to creat a few accounts in Restrict Shell enviroment. In this
- >account, only a few command(e.g. vi, ftp, mail, news) can be used. Is
- >there any suggestion to creat this environment to make it more security
- >in my system?
- > Any comming is appreciate.
- >
- >
- ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
- ><> CS Lee (Lee Chee Siong) <> If you can give <>
- ><> National Chung Hsing University, <> nothing else, <>
- ><> Taichung, Taiwan, Republic of China. <> at least give a <>
- ><> Internet Address: cslee@pds.nchu.edu.tw <> cheerful face <>
- ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
-
-
- Two aproaches come to mind
- 1) use /bin/rsh as login shell for these users. I think that there are
- equivalents for csh and ksh. It should be relatively easy to customize the
- environments restrictions.
-
- 2) Set up a subdirectory /sub/dir with copies of all the required
- binaries and data files. Be sure to copy /bin/sh to /sub/dir/bin.
- Exec /etc/chroot /sub/dir /bin/sh from the users login shell.
-
- Chris Fedde, USWEST MRG, chris@mrg.uswest.com, voice +13037842823
-
