pineault@sarcelle.DMI.USherb.CA (Christian Pineault) (05/23/91)
Hi,

I'm new to the net so I hope this is not a frequently asked question.

I'm looking for a shell on SunOS 4.1.1 that would prevent users from
using any armful commands.

This could be something like a command interpreter and a permission
file containing a list of allowed (or disallowed) commands.

Your help would be appreciated.

Thanks,
Chris
--
--- Christian Pineault - Sherbrooke University - Internet: pineault@dmi.usherb.ca ---
auto-disclaim: errno 7 at line 5
mouse@thunder.mcrcim.mcgill.edu (der Mouse) (05/24/91)
In article <1991May23.033109.10724@DMI.USherb.CA>, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:

> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
> using any armful commands.

I assume you meant `harmful', though it's amusing to contemplate
possible meanings for `armful'....

The simplest way to do this is to remove their login access.

I'm serious.  UNIX provides much power, but with this power comes the
power to shoot yourself in the foot.  If you were to prohibit all
potentially destructive actions, there wouldn't be much left that one
could do; you would more or less have to make the entire system
read-only for that user.  (Which you could, I suppose, do, but in the
right circumstances even read access could be harmful.)

Assuming that's not acceptable, you're left with the problem of drawing
the line: how much potential destruction is acceptable?  Unfortunately,
UNIX does not recognize the difference between destroying a worthless
scratch file you were using to play with the editor and destroying the
only existing copy of the quarterly reports you have to present at next
week's meeting.  Avoiding *that* then becomes a matter of managing
ownerships and permissions correctly, and that's not something you can
manage by preventing users from using certain commands.

If you already know what commands you do or don't want the users to be
able to use, it's not hard.  If you want them to have access to only a
subset of commands, make their login shells chroot() to a directory
somewhere and exec the desired shell, then underneath that directory
create whatever playpen world you want.  If you want them to have
access to all but a certain list of commands, move those commands into
a special directory, then turn off the world (and possibly group)
execute bit(s) on that directory (and set its ownerships to match).

It also depends on whether you're trying to protect against accident or
malice (the latter is much harder, of course), and whether you're
trying to protect against users harming themselves or harming others.

					der Mouse

			old: mcgill-vision!mouse
			new: mouse@larry.mcrcim.mcgill.edu
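Added example, not part of any post in this thread: the chroot()ing login shell der Mouse describes, written as a C wrapper that enters the playpen, gives up root for good, and only then execs the shell. The playpen path /home/playpen and the /bin/sh inside it are assumptions, and the wrapper is assumed to be installed set-uid root so that chroot() is permitted.

```c
#define _DEFAULT_SOURCE              /* for chroot() and setgroups() on glibc */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <grp.h>

#define PLAYPEN    "/home/playpen"   /* assumption: root of the playpen tree */
#define JAIL_SHELL "/bin/sh"         /* assumption: resolved inside the playpen */

/*
 * Confine the process to dir, then give up root permanently.
 * Returns 0 on success and -1 on any failure; the caller must not exec a
 * shell after a failure, or the user ends up unconfined or still root.
 */
int enter_playpen(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0)           return -1;  /* stand inside the tree first */
    if (chroot(".") != 0)          return -1;  /* needs root */
    if (chdir("/") != 0)           return -1;  /* cwd is now the new root */
    if (setgroups(1, &gid) != 0)   return -1;  /* shed root's supplementary groups */
    if (setgid(gid) != 0)          return -1;  /* group first: needs root too */
    if (setuid(uid) != 0)          return -1;  /* real, effective and saved uid */
    if (setuid(0) == 0)            return -1;  /* root still reachable: refuse */
    return 0;
}

int main(void)
{
    /* Leading '-' tells sh it is a login shell; the environment is rebuilt
     * from scratch so nothing from outside the playpen leaks in. */
    char *const args[] = { "-sh", NULL };
    char *const envp[] = { "PATH=/bin", "HOME=/", NULL };

    if (enter_playpen(PLAYPEN, getuid(), getgid()) != 0) {
        perror("playpen");
        return 1;
    }
    execve(JAIL_SHELL, args, envp);
    perror(JAIL_SHELL);              /* only reached if exec failed */
    return 1;
}
```

The playpen should hold no set-uid binaries or device nodes, because chroot() confines only a process that has no way back to root.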
chet@odin.INS.CWRU.Edu (Chet Ramey) (05/24/91)
In article <1991May23.033109.10724@DMI.USherb.CA> pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:

>I'm looking for a shell on SunOS 4.1.1 that would prevent users from
>using any armful commands.

`/bin/true'

--
Chet Ramey				Internet: chet@po.CWRU.Edu
Case Western Reserve University		NeXT Mail: chet@macbeth.INS.CWRU.Edu

``Now, somehow we've brought our sins back physically -- and they're pissed.''
jerry@ora.com (Jerry Peek) (05/25/91)
In article <1991May23.033109.10724@DMI.USherb.CA> pineault@DMI.USherb.CA (Christian Pineault) writes:
> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
> using any armful commands.
>
> This could be something like a command interpreter and a permission
> file containing a list of allowed (or disallowed) commands.

Look into /usr/lib/rsh (that's the location on SunOS 4.1.1, anyway).
It's a restricted version of /bin/sh that keeps users from doing all
kinds of things.  If you set the PATH in the .profile to a directory
with copies of the commands you want to allow (and/or symbolic links
to those commands), you're pretty safe.  The rsh adds restrictions like:
	- not letting the user change the PATH
	- the 'cd' command doesn't work
	- the user can't type commands like /bin/foo (names with slashes)

Check the security section of your SunOS documentation set for an intro.
Our new UNIX Security book covers the restricted shell -- so do other
security books like Kochan & Wood (? -- sorry, I don't have a copy handy).

--Jerry Peek, O'Reilly & Associates, jerry@ora.com
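Added example, not part of any post in this thread and not the source of /usr/lib/rsh: the restrictions Jerry Peek lists (no cd, no changing PATH, no names with slashes), combined with the list of allowed commands the original question asks for, as the validation step of a command interpreter in C. The directory /usr/local/rbin, the function check_command and the sample allowlist are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ALLOWED_DIR "/usr/local/rbin"  /* assumption: holds the permitted commands */

enum verdict { V_OK, V_EMPTY, V_BUILTIN, V_SLASH, V_NOT_LISTED, V_TOO_LONG };

/*
 * Decide whether the first word of a command line may run.  allow is a
 * NULL-terminated list of names, as read from the permission file.  On V_OK,
 * out holds the absolute path to hand to execv(); execvp() is avoided so the
 * user's PATH never takes part in the lookup.
 */
enum verdict check_command(const char *name, const char *const *allow,
                           char *out, size_t outlen)
{
    size_t i;
    int n;

    if (name == NULL || *name == '\0')
        return V_EMPTY;
    if (strcmp(name, "cd") == 0 || strncmp(name, "PATH=", 5) == 0)
        return V_BUILTIN;              /* no cd, no changing PATH */
    if (strchr(name, '/') != NULL)
        return V_SLASH;                /* no /bin/foo, no ../foo */
    for (i = 0; allow[i] != NULL; i++)
        if (strcmp(name, allow[i]) == 0)
            break;
    if (allow[i] == NULL)
        return V_NOT_LISTED;
    n = snprintf(out, outlen, "%s/%s", ALLOWED_DIR, name);
    if (n < 0 || (size_t)n >= outlen)
        return V_TOO_LONG;             /* never exec a truncated path */
    return V_OK;
}

int main(void)
{
    /* Constructed sample data: an allowlist and some typed commands. */
    const char *const allow[] = { "ls", "cat", "mail", NULL };
    const char *const typed[] = { "ls", "/bin/sh", "cd", "PATH=/bin", "vi" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof typed / sizeof typed[0]; i++)
        printf("%-10s -> %d\n", typed[i],
               (int)check_command(typed[i], allow, path, sizeof path));
    return 0;
}
```

Keep programs that can start a shell of their own, such as editors and pagers, off the list; the check covers only the command name the user types.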
mike@bria.UUCP (mike.stefanik) (05/26/91)
In an article, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:
>I'm looking for a shell on SunOS 4.1.1 that would prevent users from
>using any [h]armful commands.

Here is the source to a shell that you might find useful:

#include <stdio.h>
#include <string.h>
#include <signal.h>

int main(int argc, char *argv[])
{
    char *image, buf[1024];
    char *tok;

    /* ignore interrupt and quit so the user cannot break out */
    signal(SIGINT,SIG_IGN);
    signal(SIGQUIT,SIG_IGN);

    /* use the basename of argv[0] in messages; there may be no slash */
    image = strrchr(argv[0],'/');
    image = image ? image + 1 : argv[0];

    printf("$ ");
    while ( fgets(buf,sizeof buf,stdin) != NULL ) {
        tok = strtok(buf," \t\n");
        /* strtok returns NULL for a blank line; test before strcmp */
        if ( tok && ! strcmp(tok,"exit") )
            break;
        if ( tok && strlen(tok) > 0 )
            fprintf(stderr,"%s: %s: permission denied\n", image, tok);
        printf("$ ");
    }
    return 0;
}

--
Michael Stefanik, MGI Inc, Los Angeles | Opinions stated are never realistic
Title of the week: Systems Engineer    | UUCP: ...!uunet!bria!mike
-------------------------------------------------------------------------------
If MS-DOS didn't exist, who would UNIX programmers have to make fun of?
art@pilikia.pegasus.com (Art Neilson) (05/28/91)
In article <270@bria.UUCP> uunet!bria!mike writes:
>In an article, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:
>>I'm looking for a shell on SunOS 4.1.1 that would prevent users from
>>using any [h]armful commands.
>
>Here is the source to a shell that you might find useful:
>
[hilarious restricted shell source deleted ..]

Boy, that's what I call restricted! ;^)

--
Arthur W. Neilson III		| INET: art@pilikia.pegasus.com
Bank of Hawaii Tech Support	| UUCP: uunet!ucsd!nosc!pilikia!art
subbarao@phoenix.Princeton.EDU (Kartik Subbarao) (05/28/91)
In article <1991May27.182636.2026@pilikia.pegasus.com> art@pilikia.pegasus.com (Art Neilson) writes:
>In article <270@bria.UUCP> uunet!bria!mike writes:
>>In an article, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:
>>>I'm looking for a shell on SunOS 4.1.1 that would prevent users from
>>>using any [h]armful commands.
>>
>>Here is the source to a shell that you might find useful:
>>
[hilarious restricted shell source deleted ..]
>
>Boy, that's what I call restricted! ;^)

If you want a really restricted shell, give 'em bash. It coredumps often
enough so the user can't ever get any security-threatening work done ;-)

			-Kartik

--
internet% ypwhich

subbarao@phoenix.Princeton.EDU -| Internet
kartik@silvertone.Princeton.EDU (NeXT mail)
SUBBARAO@PUCC.BITNET - Bitnet
navarra@casbah.acns.nwu.edu (John 'tms' Navarra) (05/28/91)
In article <azNKF5a7AqCRA@idunno.Princeton.EDU> subbarao@phoenix.Princeton.EDU (Kartik Subbarao) writes:
>In article <1991May27.182636.2026@pilikia.pegasus.com> art@pilikia.pegasus.com (Art Neilson) writes:
>>In article <270@bria.UUCP> uunet!bria!mike writes:
>>>In an article, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:
>>>>I'm looking for a shell on SunOS 4.1.1 that would prevent users from
>>>>using any [h]armful commands.
>>>
>>>Here is the source to a shell that you might find useful:
>>>
[hilarious restricted shell source deleted ..]
>>
>>Boy, that's what I call restricted! ;^)
>
>If you want a really restricted shell, give 'em bash. It coredumps often
>enough so the user can't ever get any security-threatening work done ;-)

To the Hunt men! Bash out his innards!

Bash-1.07 executes finely on our SuN. 1.08, though, I hear is suffering
from a family related disease like its dear papa 1.05. Bash is still the
BEST shell! (keep working Brian and Chet!) However, zsh is looking better
as well.

>
>
>			-Kartik
>
>
>--
>internet% ypwhich
>
>subbarao@phoenix.Princeton.EDU -| Internet
>kartik@silvertone.Princeton.EDU (NeXT mail)
>SUBBARAO@PUCC.BITNET - Bitnet

--
From the Lab of the MaD ScIenTiST:

navarra@casbah.acns.nwu.edu
edw@sequent.UUCP (Ed Wright) (05/28/91)
In article <1991May24.114710.5024@thunder.mcrcim.mcgill.edu> mouse@thunder.mcrcim.mcgill.edu (der Mouse) writes:
%In article <1991May23.033109.10724@DMI.USherb.CA>, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:
%
%> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
%> using any armful commands.
%
%I assume you meant `harmful', though it's amusing to contemplate
%possible meanings for `armful'....
%
%The simplest way to do this is to remove their login access.
%
%I'm serious.  UNIX provides much power, but with this power comes the

Much stuff deleted

Well, you could create a few new groups.
Let your commands be owned by a member of one of the groups.
Then allow group membership to those groups for only those people
you want to be able to use the commands. (Sieg Heil administration)

On a friendlier note, alias cp to cp -i, set noclobber, and
alias rm to mv \!* /someplace that gets cleaned out every so often,
like perhaps ~/.temp.

rksh is a good idea.

The best thing you can do, however, is EDUCATE YOUR USERS !
I firmly believe that an administrator that does not enlighten or
ensure that someone else enlightens the new users is just not doing
his/her/its job. Period. End of sentence.

Ed
--
I think I've got the hang of it now .... :w :q :wq :wq! ^d X exit X Q
:quitbye CtrlAltDel ~~q :~q logout save/quit :!QUIT ^[zz ^[ZZ ZZZZ ^H ^@
^L ^[c ^# ^E ^X ^I ^T ? help helpquit ^D ^d ^C ^c help exit ?Quit ?q
anybackbone!sequent!edw    edw@sequent.COM    KA9AHQ 28.340
lh@aega84.UUCP (L. Hirschbiegel) (05/29/91)
In article <azNKF5a7AqCRA@idunno.Princeton.EDU> subbarao@phoenix.Princeton.EDU (Kartik Subbarao) writes:
>
>If you want a really restricted shell, give 'em bash. It coredumps often
>enough so the user can't ever get any security-threatening work done ;-)
>
>
>			-Kartik

It's even better!
When I was using bash 1.05 it would not even let you log in over modem
line - nothing was echoed. Now THIS is what I call absolutely secure :-)

[ Looks like I had done something wrong in config.h .... :-) ]

Lothar
--
====================================================================
L. Hirschbiegel, AEG Produktionsautomatisierung, Frankfurt (Germany)
unido!aega84!lh                                      -49-69-66414316
====================================================================