nolan@tssi.UUCP (Michael Nolan) (07/20/90)
I'm trying to set up some restricted accounts on my NCR Tower/450 running SysV.2 (NCR version 2.01.00). When I try to use /usr/bin/mailx, I get the following message: sh: /usr/ucb/more: restricted whenever I try to read a letter longer than 20 lines or so. I'm assuming this is because mailx is trying to use more and can't, because rsh doesn't allow execution of programs with paths using '/'. I've looked through the documentation and can't see anything of any help. Putting /usr/ucb in the PATH for the restricted user doesn't help. Other than going to /bin/mail, the only other mail program I have, are there any solutions to this problem? ------------------------------------------------------------------------------ Mike Nolan "I don't know what apathy is, Tailored Software Services, Inc. and I don't want to find out!" Lincoln, Nebraska (402) 423-1490 UUCP: tssi!nolan should work, if not try something like uunet!frith!upba!tssi!nolan
wescott@Columbia.NCR.COM (Mike Wescott) (07/21/90)
In article <1733@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: > I'm trying to set up some restricted accounts Don't rely on rsh to be very secure, I've been told that it is fairly easy to break. > When I try to use /usr/bin/mailx, I get the following message: > sh: /usr/ucb/more: restricted > I'm assuming this is because mailx is trying to use more and can't, because > rsh doesn't allow execution of programs with paths using '/'. Correct. I suspect that the environment variable PAGER is set to /usr/ucb/more. Change it so that it is no longer an absolute pathname and it should work. -- -Mike Wescott mike.wescott@ncrcae.Columbia.NCR.COM
nolan@tssi.UUCP (Michael Nolan) (07/24/90)
Thanks to several persons for the info on the PAGER variable. I had to change it in the /usr/lib/mailx/mailx.rc file, but now the pager works OK. However, now I get the following message when exiting mailx: sh: /usr/lib/mailx/rmmail: restricted PS: I know that rsh is not very secure, but it's at least a little bit more secure than sh. Does anybody know a more secure shell? I'm not so much interested in defeating the bad guys, most of whom know more about unix that I ever want to know, but in keeping amateurs (non-programmers) from doing something that messes up somebody else's work. Mike Nolan
jon@savant.UUCP (Jon Gefaell) (07/25/90)
In article <1733@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: >I'm trying to set up some restricted accounts on my NCR Tower/450 running >SysV.2 (NCR version 2.01.00). > >When I try to use /usr/bin/mailx, I get the following message: > sh: /usr/ucb/more: restricted >whenever I try to read a letter longer than 20 lines or so. Uhm, try putting commands that you want available to users in the rsh in the /usr/rbin directory, you _did_ rtfm, right? *sigh* -- +----------- Domain? DOMAIN? We Don't Need No Steeeenkin' Domain! -----------+ | __/\ | | \/~~ | +-savant!jon@virginia.edu {...}!uunet!virginia!savant!jon jeg7e@virginia.edu-+
harris@sauron.Columbia.NCR.COM (Ray Harris) (07/25/90)
In article <1738@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: >Thanks to several persons for the info on the PAGER variable. I had to >change it in the /usr/lib/mailx/mailx.rc file, but now the pager works OK. > >However, now I get the following message when exiting mailx: > >sh: /usr/lib/mailx/rmmail: restricted > >Mike Nolan The man page discussion of rsh suggests setting up /usr/rbin and putting it in the rsh user's PATH (This must be done in the .profile). You can then create links to the appropriate commands that the user needs to execute. If you make /usr/rbin the entire PATH, this gives better control over what the user can execute, i.e., he can't execute everything in /usr/ucb, only those commands that are linked into /usr/rbin. We've done this on a 32/800 here, and it seems to work well. Ray Harris -- ray.harris@Columbia.NCR.COM (Ray Harris) ...!uunet!ncrlnk!ncrcae!harris ...!gatech!hubcap!ncrcae!harris
jimh%aubsch@mother.bates.edu (07/25/90)
No, they aren't incompatible. You can change the program which is used for paging through mail by setting the PAGER variable in the .mailrc file. See your mailx man pages for more info. ------------------------------------------------------------- Jim Hart aubsch!jimh@mother.bates.edu Dept. of Education Phone: 207-784-6431 P.O. Box 800, 23 High St. Auburn, ME 04210 "Happiness is a state of mind." USA