[comp.unix.questions] Restricted Shell - does it still exist.

FAUSETT@tops20.radc.af.mil (08/16/89)

I'm looking for something like the old AT&T restricted shell (found in System
III and possibly later?) for a Sun system.  I've got a guest user I need to 
set up on the system with whom I have a good bit of trust, but still want to 
discourage from poking around the system.

Does anyone know if such a beastie still exists?

Mark Fausett
fausett@tops20.radc.af.mil
-------

ask@cbnews.ATT.COM (Arthur S. Kamlet) (08/17/89)

In article <20623@adm.BRL.MIL> FAUSETT@tops20.radc.af.mil writes:
>
>I'm looking for something like the old AT&T restricted shell (found in System
>III and possibly later?) for a Sun system.  I've got a guest user I need to 
>set up on the system with whom I have a good bit of trust, but still want to 
>discourage from poking around the system.
>
>Does anyone know if such a beastie still exists?

Mark:

I don't know if the old rsh is available or not.  However, it had
several major deficiencies, and in that form is probably not
recommended.

Instead, you may want to write a small program to simulate
a restricted shell, and use it in the /etc/passwd entry for
restricted users.

It should do the following:   (System V assumed)

1. In his .profile:
   PATH=/RESTRICTED_DIRECTORY
   readonly PATH

   .profile must be non-writable by the user, and not owned by
   the user.  And all parent directories must be non-writable by the
   user.

2. Install a small set of commands in /some_path/RESTRICTED_DIRECTORY

These commands should be the minimal set needed by a restricted
user.

One characteristic of these commands is they should never allow the
user to escape the shell.  (a RESTRICTED mail, vi, etc may need to
be  written to prevent such escapes - easy to do with the source)


4. Put restricted users into a restricted file
system by making that filesystem his root filesystem.
Then, he can't cd to /bin and try to ./command or 
try to /bin/command  or something similar. In fact,
make /some_path/RESTRICTED_DIRECTORY the filesystem.  As far as he is
concerned, /some_path/RESTRICTED_DIRECTORY is his root directory.

I may have left out something, but these are all fairly simple
to do, and should provide a good deal of restriction.
I'm sure lots of people will point out why it really isn't secure,
however.
-- 
Art Kamlet  a_s_kamlet@att.com  AT&T Bell Laboratories, Columbus
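Art's point 1 says .profile must be neither owned nor writable by the guest, and that every directory above it must be non-writable by him too (otherwise he could replace the file or a directory on the way to it). The following C program is an added example, not code from this thread: it walks from a given .profile up to "/" and reports the first component the guest could tamper with. It assumes a constructed guest uid/gid, treats a group-writable component as writable by the guest, and treats a sticky, world-writable directory such as /tmp as safe, because the sticky bit stops the guest renaming or unlinking entries he does not own. The demo layout it builds under /tmp is constructed for illustration.

```c
/* Added example (not from the thread): audit the ".profile must be
 * non-writable by the user and not owned by the user, and all parent
 * directories must be non-writable by the user" rule from Art's point 1. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

#ifndef S_ISVTX
#define S_ISVTX 01000                 /* sticky bit, if the headers hide it */
#endif

/* 1 if a guest with this uid/gid could write to (or chmod) the object. */
static int guest_can_write(const struct stat *st, uid_t guest_uid, gid_t guest_gid)
{
    int writable = (st->st_mode & S_IWOTH) ||
                   ((st->st_mode & S_IWGRP) && st->st_gid == guest_gid);

    if (st->st_uid == guest_uid)      /* owner can always chmod it back */
        return 1;
    /* A sticky, world-writable directory (e.g. /tmp) lets the guest create
     * entries but not rename or unlink entries owned by others, so he cannot
     * replace the component we are protecting. */
    if (S_ISDIR(st->st_mode) && (st->st_mode & S_ISVTX))
        return 0;
    return writable;
}

/* Audit an absolute path to a .profile and every directory above it.
 * Returns 0 if the guest cannot tamper with any component, the 1-based
 * index (file itself = 1, its directory = 2, ...) of the first offending
 * component, or -1 on error. */
int audit_profile(const char *profile, uid_t guest_uid, gid_t guest_gid)
{
    char path[PATH_MAX];
    struct stat st;
    int depth = 1;

    if (profile[0] != '/' || strlen(profile) >= sizeof path)
        return -1;                    /* need an absolute path */
    strcpy(path, profile);

    for (;;) {
        char *slash;
        if (stat(path, &st) != 0)
            return -1;
        if (guest_can_write(&st, guest_uid, guest_gid))
            return depth;
        if (strcmp(path, "/") == 0)
            return 0;                 /* root reached: all clear */
        slash = strrchr(path, '/');
        if (slash == path)
            path[1] = '\0';           /* "/x"   -> "/"  */
        else
            *slash = '\0';            /* "/a/b" -> "/a" */
        depth++;
    }
}

/* Build a constructed layout under /tmp, audit it three ways and report the
 * results through the out-parameters. Returns 0, or -1 if setup failed. */
int run_demo(int *good, int *bad_file, int *bad_dir)
{
    char top[64], home[PATH_MAX], profile[PATH_MAX];
    uid_t guest_uid = 40001;          /* constructed guest identity: not us */
    gid_t guest_gid = 40001;
    FILE *f;

    snprintf(top, sizeof top, "/tmp/rshdemo.%ld", (long)getpid());
    snprintf(home, sizeof home, "%s/guest", top);
    snprintf(profile, sizeof profile, "%s/.profile", home);
    if (mkdir(top, 0700) != 0 || mkdir(home, 0755) != 0)
        return -1;
    if ((f = fopen(profile, "w")) == NULL)
        return -1;
    fputs("PATH=/RESTRICTED_DIRECTORY\nreadonly PATH\n", f);
    fclose(f);

    chmod(profile, 0644);             /* correct: guest can read, not write */
    *good = audit_profile(profile, guest_uid, guest_gid);
    chmod(profile, 0666);             /* wrong: world-writable .profile */
    *bad_file = audit_profile(profile, guest_uid, guest_gid);
    chmod(profile, 0644);
    chmod(home, 0777);                /* wrong: guest could replace .profile */
    *bad_dir = audit_profile(profile, guest_uid, guest_gid);

    unlink(profile);                  /* clean up the constructed layout */
    rmdir(home);
    rmdir(top);
    return 0;
}

int main(void)
{
    int good, bad_file, bad_dir;
    if (run_demo(&good, &bad_file, &bad_dir) != 0) {
        perror("setup");
        return 1;
    }
    printf("clean layout: %d, writable .profile: %d, writable home: %d\n",
           good, bad_file, bad_dir);
    return 0;
}
```

Run `audit_profile("/home/guest/.profile", guest_uid, guest_gid)` against the real account after setting it up; any non-zero result means the guest can change what his login shell executes, which defeats the `readonly PATH` line before it ever runs.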

pcf@galadriel.bt.co.uk (Pete French) (08/18/89)

From article <20623@adm.BRL.MIL>, by FAUSETT@tops20.radc.af.mil:
> 
> I'm looking for something like the old AT&T restricted shell (found in System
> III and possibly later?) for a Sun system.  I've got a guest user I need to 
> set up on the system with whom I have a good bit of trust, but still want to 
> discourage from poking around the system.
> 
> Does anyone know if such a beastie still exists?


The restricted shell was exactly the same as the original shell - except it was
invoked with the name "rsh". /bin/rsh was a link to /bin/sh. On a Sun (or
any ethernet box indeed) this is a problem since rsh already exists.

The restricted shell can, luckily, still be run. You just invoke it with
a '-r' option. So put in your users .profile ...

exec sh -r

And he will have a restricted shell.
If you want your user to have his own .profile that is run on shell startup
then write a C program to run as the login shell that execs /bin/sh with the
'-r' option and an argv[0] of '-sh'. The '-' in front of the name causes the
shell to run the .profile on startup.

		-Pete.

buck@siswat.UUCP (A. Lester Buck) (08/21/89)

In article <323@galadriel.bt.co.uk>, pcf@galadriel.bt.co.uk (Pete French) writes:
< The restricted shell was exactly the same as the original shell - except it was
< invoked with the name "rsh". /bin/rsh was a link to /bin/sh. On a Sun (or
< any ethernet box indeed) this is a problem since rsh already exists.
< 
< The restricted shell can, luckily, still be run. You just invoke it with
< a '-r' option. So put in your users .profile ...
< 
< exec sh -r
< 
< And he will have a restricted shell.

/bin/rsh enforces its restrictions after the .profile is executed, and any
BREAK or DELETE actions by the user during .profile processing result in his
being logged off.  A persistent rsh user could break out of this scheme
without much trouble by leaning on his interrupt key.


-- 
A. Lester Buck		...!texbell!moray!siswat!buck

pcf@galadriel.bt.co.uk (Pete French) (08/23/89)

From article <443@siswat.UUCP>, by buck@siswat.UUCP (A. Lester Buck):
< In article <323@galadriel.bt.co.uk>, I wrote ...
< < The restricted shell can, luckily, still be run. You just invoke it with
< < a '-r' option. So put in your users .profile ...
< < 
< < exec sh -r
< < 
< < And he will have a restricted shell.
< 
< /bin/rsh enforces its restrictions after the .profile is executed, and any
< BREAK or DELETE actions by the user during .profile processing result in his
< being logged off.  A persistent rsh user could break out of this scheme
< without much trouble by leaning on his interrupt key.

Ummm...so write a C program to exec /bin/sh with the name "rsh" and make that
the login shell for the user. That should be safe.

There is an art to breaking restricted shells anyway - I am sure a persistent
rsh user will suss out a way round it sooner or later. I had a friend once who
was very good at this sort of thing: defining shell functions provided an
interesting escape route...

                       -Pete.

-- 
       -Pete French.               |
  British Telecom Research Labs.   | "The carefree days are distant now,
 Martlesham Heath, East Anglia.    |  I wear my memories like a shroud..."
All my own thoughts (of course)    |                               -SIOUXSIE