noel@ubbs-nh.MV.COM (N. Del More) (08/14/89)
I've a need to restrict access to certain portions of my system; the most
obvious choice was to use "rsh" as a shell for the users I wished to
restrict.

However, SCO has coded "/bin:/usr/bin" as a default path into the
shell itself. Really dumb, the user's .profile will not override the
default path.

So, the question, is there a cure, fix, patch available, or is there an
alternative?

Many thanks!

Noel

P.S. Hey Russ! How long does it take a user with a restricted shell to get
out of it? About 2 seconds flat.... try $csh <cr> geeez!

--
Noel B. Del More            | decvax!ubbs-nh!noel
17 Meredith Drive           | noel@ubbs-nh.mv.com
Nashua, New Hampshire 03063 | It's unix me son! `taint spozed tah make cents
rosso@sco.COM (Ross Oliver) (08/17/89)
In article <390@ubbs-nh.MV.COM> noel@ubbs-nh.MV.COM (N. Del More) writes:
>I've a need to restrict access to certain portions of my system; the most
>obvious choice was to use "rsh" as a shell for the users I wished to
>restrict.
>However, SCO has coded "/bin:/usr/bin" as a default path into the
>shell itself. Really dumb, the user's .profile will not override the
>default path.

This is not correct. The rsh(C) manual entry states:

    When invoked with the name -rsh [as is done by /etc/login], rsh
    reads the user's .profile. It acts as the standard shell while
    doing this.... The restrictions above [i.e. forbidding changes
    to PATH] are enforced after .profile is interpreted.

"/bin:/usr/bin" is the default if PATH is not set in .profile. However,
if PATH is set in .profile, the path will be correctly restricted. I
verified on a 2.3.2 system that this is indeed the behavior of rsh.

Ross Oliver
Technical Support
The Santa Cruz Operation, Inc.
noel@ubbs-nh.MV.COM (N. Del More) (08/20/89)
In article <5102@viscous.sco.COM> rosso@sco.com (Ross Oliver) writes:
>This is not correct. The rsh(C) manual entry states:
>
>    When invoked with the name -rsh [as is done by /etc/login], rsh
>    reads the user's .profile. It acts as the standard shell while
>    doing this.... The restrictions above [i.e. forbidding changes
>    to PATH] are enforced after .profile is interpreted.
>
>"/bin:/usr/bin" is the default if PATH is not set in .profile. However,
>if PATH is set in .profile, the path will be correctly restricted. I
>verified on a 2.3.2 system that this is indeed the behavior of rsh.

A public apology to Russ, and SCO, is in order here. I don't know what
happened, but I was unable to override the default path as described in my
original article. However, I did test the configuration once again and it
did work as described. I can only assume that it had something to do with
me, my system, or a full moon B-)

So, seeing as how that SNAFU has been straightened out, would someone
please be kind enough to steer me in the correct direction insofar as how I
should set things up to restrict users.

What I am trying to do is to allow others to access the system for the
purposes of reading news, replying to same, general mail usage, access to
the archives, and use of some of the application programs on the system.

What I have done so far is to create a separate directory (/usr/rbin) that
will contain the programs that I will allow them to use; however, I am
running into difficulties in that very often the program will not work
correctly, usually because it calls or redirects input from another
program. elm and mail are two that come to mind right off.

Anyway, I'd be very grateful to hear what your solution or suggestions
might be.

Thanks!

Noel
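
Added example, not part of the thread and not SCO's code: a small audit of the PATH a restricted-shell login ends up with, using the default "/bin:/usr/bin" quoted above when .profile sets none, and listing any unrestricted shell (such as the csh mentioned in the P.S.) reachable through it. The function names, the shell list, the optional root-prefix argument and the assumption that .profile sets PATH with a plain "PATH=dir:dir" line are all illustrative.

```sh
#!/bin/sh
# Added example: audit the PATH a restricted-shell user ends up with.
# Assumption: .profile sets PATH with a plain "PATH=dir:dir" line.
DEFAULT_PATH="/bin:/usr/bin"   # default quoted in the thread
SHELL_NAMES="sh csh ksh"       # assumed list of unrestricted shells

# Print the value of the last PATH= assignment in the given .profile,
# or the default when the file sets none (or cannot be read).
effective_path() {
    p=$(sed -n 's/^[[:space:]]*PATH=\([^;[:space:]]*\).*/\1/p' "$1" 2>/dev/null \
        | tail -n 1 | tr -d "\"'")
    if [ -n "$p" ]; then printf '%s\n' "$p"; else printf '%s\n' "$DEFAULT_PATH"; fi
}

# List every listed shell that is executable in a directory of PATH ($1).
# Optional $2 is a root prefix so the check can run against a test tree.
reachable_shells() {
    root=${2:-}
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        IFS=$old_ifs
        for name in $SHELL_NAMES; do
            if [ -x "$root$dir/$name" ]; then printf '%s\n' "$dir/$name"; fi
        done
        IFS=:
    done
    IFS=$old_ifs
}

# Return 0 when no listed shell is reachable, 1 otherwise.
audit_profile() {
    eff=$(effective_path "$1")
    found=$(reachable_shells "$eff" "${2:-}")
    if [ -n "$found" ]; then
        printf 'PATH=%s exposes:\n%s\n' "$eff" "$found"
        return 1
    fi
    printf 'PATH=%s exposes no listed shell\n' "$eff"
}

# Usage: audit.sh /path/to/.profile [root-prefix]
if [ "$#" -gt 0 ]; then audit_profile "$1" "${2:-}"; fi
```

The check covers only shells found directly on PATH; it does not look at what the permitted programs themselves invoke.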