cadwell@sumax.seattleu.edu (James A. Cadwell) (06/29/91)
I am trying to set up a restricted user account, thus far using /bin/rsh as the user's default shell. Question is, what controls which programs are restricted? i.e. ls is, but mkdir is not. This is using the standard "out of the box" PATH--no /usr/rbin in PATH. (I looked, but could not find this info in the manuals; pointers would be appreciated.)

Also, is there a better way than using /bin/rsh? Have found, but not yet tried using chroot() as expositioned in [Thomas and Farrow _UNIX_Administration_Guide_For_System_V_ Prentice Hall, 1989].

Thanks all, Jim Cadwell
farestam@ORION.CERFACS.FR (Stefan Farestam) (06/30/91)
I guess the way to do this is to create a /usr/rbin directory, in
which you put links to the executables that you want the restricted
shell to access. Then you set the path of the restricted shell to
only contain /usr/rbin. I think it is also advisable to create a
subdirectory in the home directory of the restricted user which you
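place him in when logging in. A sample .profile for a restricted shell
could look like:

    # Greeting shown to the restricted user at login
    echo 'Available commands: talk, write and who'
    # Mail a login notice while the original PATH is still set
    /bin/echo 'tutor logged on '`date` from $REMOTEHOST '\n'\
    `finger @$REMOTEHOST`\
    | mail farestam
    # From here on only the links in /usr/rbin can be found
    PATH=/usr/rbin
    trap '.logout' 0
    # Move into the subdirectory of the home directory
    cd sorry
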
/Stefan
.................................................................
. Stefan Farestam <farestam@cerfacs.fr>
. European Centre for Research and Advanced Training in
. Scientific Computation
.................................................................
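
Added example, not part of either post: one way to build and then audit the /usr/rbin link directory described in the reply above. The function names build_rbin and audit_rbin are hypothetical, and the directory and command list are passed in as arguments by the administrator.

```sh
#!/bin/sh
# Added example (assumptions: function names, argument layout).

# build_rbin DIR CMD...
# Fill DIR with symlinks to the named commands, resolved through the
# administrator's own PATH. Shell builtins have no file to link to and
# are skipped, as are commands that cannot be found.
build_rbin() {
    rbin=$1; shift
    mkdir -p "$rbin" || return 1
    for cmd in "$@"; do
        target=$(command -v "$cmd") || { echo "skip: $cmd not found" >&2; continue; }
        case $target in
            /*) ln -sf "$target" "$rbin/$cmd" ;;
            *)  echo "skip: $cmd is not an executable file" >&2 ;;
        esac
    done
}

# audit_rbin DIR ALLOWED...
# Return non-zero if DIR holds any entry that is not on the allow list,
# or a link whose target no longer exists. Run it from cron or after
# package upgrades to catch drift in the restricted command set.
audit_rbin() {
    rbin=$1; shift
    allowed=" $* "
    status=0
    for entry in "$rbin"/* "$rbin"/.[!.]*; do
        # Skip unmatched glob patterns, but keep dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case $allowed in
            *" $name "*) ;;
            *) echo "unexpected entry: $entry" >&2; status=1 ;;
        esac
        [ -e "$entry" ] || { echo "dangling link: $entry" >&2; status=1; }
    done
    return $status
}
```

For the sample .profile above this would be called as build_rbin /usr/rbin talk write who, followed by audit_rbin /usr/rbin talk write who.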