pineault@sarcelle.DMI.USherb.CA (Christian Pineault) (05/23/91)
Hi, I'm new to the net so I hope this is not a frequently asked question.

I'm looking for a shell on SunOS 4.1.1 that would prevent users from
using any armful commands.

This could be something like a command interpreter and a permission
file containing a list of allowed (or disallowed) commands.

Your help would be appreciated.

Thanks, Chris
--
--- Christian Pineault - Sherbrooke University - Internet: pineault@dmi.usherb.ca
--- auto-disclaim: errno 7 at line 5

dcc@hpopd.pwd.hp.com (Daniel Creswell) (05/24/91)
Hi there,

This should be pretty easy. The KSH can be invoked as a restricted shell.
I don't remember exact details but it should be in the manual entry.

I hope that's a help.

Regards,
Dan C.

mouse@thunder.mcrcim.mcgill.edu (der Mouse) (05/24/91)
In article <1991May23.033109.10724@DMI.USherb.CA>, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:

> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
> using any armful commands.

I assume you meant `harmful', though it's amusing to contemplate
possible meanings for `armful'....

The simplest way to do this is to remove their login access.

I'm serious. UNIX provides much power, but with this power comes the
power to shoot yourself in the foot. If you were to prohibit all
potentially destructive actions, there wouldn't be much left that one
could do; you would more or less have to make the entire system
read-only for that user. (Which you could, I suppose, do, but in the
right circumstances even read access could be harmful.)

Assuming that's not acceptable, you're left with the problem of drawing
the line: how much potential destruction is acceptable? Unfortunately,
UNIX does not recognize the difference between destroying a worthless
scratch file you were using to play with the editor and destroying the
only existing copy of the quarterly reports you have to present at next
week's meeting. Avoiding *that* then becomes a matter of managing
ownerships and permissions correctly, and that's not something you can
manage by preventing users from using certain commands.

If you already know what commands you do or don't want the users to be
able to use, it's not hard. If you want them to have access to only a
subset of commands, make their login shells chroot() to a directory
somewhere and exec the desired shell, then underneath that directory
create whatever playpen world you want. If you want them to have
access to all but a certain list of commands, move those commands into
a special directory, then turn off the world (and possibly group)
execute bit(s) on that directory (and set its ownerships to match).

It also depends on whether you're trying to protect against accident or
malice (the latter is much harder, of course), and whether you're
trying to protect against users harming themselves or harming others.

					der Mouse

			old: mcgill-vision!mouse
			new: mouse@larry.mcrcim.mcgill.edu

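Added example (not part of the thread): a C sketch of the chroot() login wrapper der Mouse describes, showing the order of operations that keeps the playpen closed. PLAYPEN_ROOT, PLAYPEN_SHELL and enter_playpen() are hypothetical names, and the wrapper is assumed to be installed setuid root as the account's login shell.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define PLAYPEN_ROOT  "/home/playpen"  /* hypothetical: tree populated by the admin */
#define PLAYPEN_SHELL "/bin/sh"        /* hypothetical: path as seen inside the playpen */

/* Confine the calling process to `root` and give up root for good.
 * Returns 0 on success, -1 at the first failed step (errno is set). */
int enter_playpen(const char *root, uid_t uid, gid_t gid)
{
    if (chdir(root) != 0)        return -1;  /* get inside the tree first */
    if (chroot(".") != 0)        return -1;  /* needs root, hence the setuid wrapper */
    if (chdir("/") != 0)         return -1;  /* leave no cwd outside the new root */

    /* Drop groups before the uid: once setuid() has succeeded the
     * process is no longer allowed to change its group list. */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0)        return -1;
    if (setuid(uid) != 0)        return -1;

    /* A process that is still root can leave a chroot, so confirm
     * that root cannot be regained. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void)
{
    char *const argv[] = { "-sh", NULL };   /* leading '-' marks a login shell */
    char *const envp[] = { "PATH=/bin", "HOME=/", NULL };

    /* Run setuid root: the real uid/gid are those of the user logging in. */
    if (enter_playpen(PLAYPEN_ROOT, getuid(), getgid()) != 0) {
        perror("playpen");
        return 1;   /* fail closed: never fall back to an unconfined shell */
    }
    execve(PLAYPEN_SHELL, argv, envp);
    perror(PLAYPEN_SHELL);
    return 1;
}
```

The playpen tree must contain its own copy of the shell and everything the shell and the allowed commands need, since nothing outside it is reachable after chroot().
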
chet@odin.INS.CWRU.Edu (Chet Ramey) (05/24/91)
In article <1991May23.033109.10724@DMI.USherb.CA> pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:

>I'm looking for a shell on SunOS 4.1.1 that would prevent users from
>using any armful commands.

`/bin/true'

--
Chet Ramey				Internet: chet@po.CWRU.Edu
Case Western Reserve University		NeXT Mail: chet@macbeth.INS.CWRU.Edu

``Now, somehow we've brought our sins back physically -- and they're pissed.''

jerry@ora.com (Jerry Peek) (05/25/91)
In article <1991May23.033109.10724@DMI.USherb.CA> pineault@DMI.USherb.CA (Christian Pineault) writes:

> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
> using any armful commands.
>
> This could be something like a command interpreter and a permission
> file containing a list of allowed (or disallowed) commands.

Look into /usr/lib/rsh (that's the location on SunOS 4.1.1, anyway).
It's a restricted version of /bin/sh that keeps users from doing all
kinds of things. If you set the PATH in the .profile to a directory with
copies of the commands you want to allow (and/or symbolic links to those
commands), you're pretty safe. The rsh adds restrictions like:

	- not letting the user change the PATH
	- the 'cd' command doesn't work
	- the user can't type commands like /bin/foo (names with slashes)

Check the security section of your SunOS documentation set for an intro.
Our new UNIX Security book covers the restricted shell -- so do other
security books like Kochan & Wood (? -- sorry, I don't have a copy handy).

--Jerry Peek, O'Reilly & Associates, jerry@ora.com

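Added example (not part of the thread, and not the source of /usr/lib/rsh): a C sketch that combines the three restrictions listed above with the permission file the original question asks about. The permission text, the verdict names and check_command() are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample permission file: one allowed command per line, '#' = comment. */
static const char PERMISSIONS[] =
    "# commands this account may run\n"
    "ls\n"
    "cat\n"
    "mail\n";

enum verdict { ALLOW, DENY_EMPTY, DENY_PATH, DENY_SLASH, DENY_CD, DENY_UNLISTED };

/* Return 1 if cmd matches a whole non-comment line of the permission text. */
static int listed(const char *perms, const char *cmd)
{
    size_t want = strlen(cmd);
    while (*perms) {
        size_t len = strcspn(perms, "\n");
        if (*perms != '#' && len == want && strncmp(perms, cmd, len) == 0)
            return 1;
        perms += len;
        if (*perms == '\n')
            perms++;
    }
    return 0;
}

/* Judge one input line. Only the first word names a program; this sketch assumes
 * the remaining words are passed on as literal arguments, never re-parsed. */
enum verdict check_command(const char *perms, const char *line)
{
    char buf[256], *cmd;

    if (strlen(line) >= sizeof buf)    return DENY_UNLISTED; /* over-long: refuse */
    strcpy(buf, line);
    cmd = strtok(buf, " \t\n");
    if (cmd == NULL)                   return DENY_EMPTY;
    if (strncmp(cmd, "PATH=", 5) == 0) return DENY_PATH;     /* no changing PATH */
    if (strchr(cmd, '/') != NULL)      return DENY_SLASH;    /* no /bin/foo names */
    if (strcmp(cmd, "cd") == 0)        return DENY_CD;       /* cd does not work */
    return listed(perms, cmd) ? ALLOW : DENY_UNLISTED;       /* exact match only */
}

int main(void)
{
    char line[256];
    while (fgets(line, sizeof line, stdin) != NULL)
        puts(check_command(PERMISSIONS, line) == ALLOW ? "allowed" : "permission denied");
    return 0;
}
```

The check covers the command name only: any allowed program that can itself start a shell or another program runs outside these restrictions, so the permission list has to be chosen with that in mind.
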
mike@bria.UUCP (mike.stefanik) (05/26/91)
In an article, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:

>I'm looking for a shell on SunOS 4.1.1 that would prevent users from
>using any [h]armful commands.

Here is the source to a shell that you might find useful:

#include <stdio.h>
#include <string.h>
#include <signal.h>

int main(int argc, char *argv[])
{
	char *image, buf[1024];
	char *tok;

	/* the user cannot interrupt or quit out of this "shell" */
	signal(SIGINT,SIG_IGN);
	signal(SIGQUIT,SIG_IGN);

	/* name used in messages: last component of argv[0] */
	image = strrchr(argv[0],'/');
	image = image ? image + 1 : argv[0];

	printf("$ ");
	while ( fgets(buf,1024,stdin) != NULL ) {
		tok = strtok(buf," \t\n");
		/* tok is NULL on an empty line, so test it before strcmp() */
		if ( tok && ! strcmp(tok,"exit") )
			break;
		/* every other command is refused */
		if ( tok && strlen(tok) > 0 )
			fprintf(stderr,"%s: %s: permission denied\n", image, tok);
		printf("$ ");
		}

	return 0;
}

--
Michael Stefanik, MGI Inc, Los Angeles | Opinions stated are never realistic
Title of the week: Systems Engineer    | UUCP: ...!uunet!bria!mike
-------------------------------------------------------------------------------
If MS-DOS didn't exist, who would UNIX programmers have to make fun of?

edw@sequent.UUCP (Ed Wright) (05/28/91)
In article <1991May24.114710.5024@thunder.mcrcim.mcgill.edu> mouse@thunder.mcrcim.mcgill.edu (der Mouse) writes:
%In article <1991May23.033109.10724@DMI.USherb.CA>, pineault@sarcelle.DMI.USherb.CA (Christian Pineault) writes:
%
%> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
%> using any armful commands.
%
%I assume you meant `harmful', though it's amusing to contemplate
%possible meanings for `armful'....
%
%The simplest way to do this is to remove their login access.
%
%I'm serious. UNIX provides much power, but with this power comes the

Much stuff deleted

Well, you could create a few new groups. Let your commands be owned by
a member of one of the groups. Then allow group membership to those
groups for only those people you want to be able to use the commands.
(Sieg Heil administration)

On a friendlier note, alias cp to cp -i, set noclobber, and alias rm to
mv \!* /someplace that gets cleaned out every so often, like perhaps
~/.temp.

rksh is a good idea.

The best thing you can do, however, is EDUCATE YOUR USERS !
I firmly believe that an administrator that does not enlighten or ensure
that someone else enlightens the new users is just not doing his/her/its job.
Period. End of sentence.

Ed
--
I think I've got the hang of it now .... :w :q :wq :wq! ^d X exit X Q :quitbye CtrlAltDel ~~q :~q logout save/quit :!QUIT ^[zz ^[ZZ ZZZZ ^H ^@ ^L ^[c ^# ^E ^X ^I ^T ? help helpquit ^D ^d ^C ^c help exit ?Quit ?q
anybackbone!sequent!edw    edw@sequent.COM    KA9AHQ    28.340