Looking for a restricted shell.

der Mouse mouse at thunder.mcrcim.mcgill.edu
Fri May 24 21:47:10 AEST 1991


In article <1991May23.033109.10724 at DMI.USherb.CA>, pineault at sarcelle.DMI.USherb.CA (Christian Pineault) writes:

> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
> using any armful commands.

I assume you meant `harmful', though it's amusing to contemplate
possible meanings for `armful'....

The simplest way to do this is to remove their login access.

I'm serious.  UNIX provides much power, but with this power comes the
power to shoot yourself in the foot.  If you were to prohibit all
potentially destructive actions, there wouldn't be much left that one
could do; you would more or less have to make the entire system
read-only for that user.  (Which you could, I suppose, do, but in the
right circumstances even read access could be harmful.)

Assuming that's not acceptable, you're left with the problem of drawing
the line: how much potential destruction is acceptable?  Unfortunately,
UNIX does not recognize the difference between destroying a worthless
scratch file you were using to play with the editor and destroying the
only existing copy of the quarterly reports you have to present at next
week's meeting.  Avoiding *that* then becomes a matter of managing
ownerships and permissions correctly, and that's not something you can
manage by preventing users from using certain commands.

If you already know what commands you do or don't want the users to be
able to use, it's not hard.  If you want them to have access to only a
subset of commands, make their login shells chroot() to a directory
somewhere and exec the desired shell, then underneath that directory
create whatever playpen world you want.  If you want them to have
access to all but a certain list of commands, move those commands into
a special directory, then turn off the world (and possibly group)
execute bit(s) on that directory (and set its ownerships to match).

It also depends on whether you're trying to protect against accident or
malice (the latter is much harder, of course), and whether you're
trying to protect against users harming themselves or harming others.

					der Mouse

			old: mcgill-vision!mouse
			new: mouse at larry.mcrcim.mcgill.edu
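As an added illustration of the chroot() login-shell approach sketched in the post above (example code written for this edit, not from the original poster), a wrapper installed as a user's login shell that enters the playpen and drops root before exec'ing the real shell. The jail path /usr/local/playpen and the /bin/sh inside it are assumptions; the wrapper is assumed to be installed set-uid root, since chroot() itself needs root.

```c
#define _DEFAULT_SOURCE 1   /* expose chroot() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

#define JAIL  "/usr/local/playpen"  /* assumed jail location (placeholder) */
#define SHELL "/bin/sh"             /* path of the shell *inside* the jail */

/* The jail must be a root-owned directory that neither group nor others can
   write, or the confined user can rearrange the playpen. Returns 1 if sane. */
int jail_is_sane(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return 0;
    return 1;
}

/* Enter the jail, then give root back *before* the shell is exec'd.
   Returns 0 on success, -1 on any failure (the caller must not exec). */
int enter_jail(const char *path, uid_t uid, gid_t gid)
{
    if (chdir(path) != 0 || chroot(path) != 0)
        return -1;
    if (chdir("/") != 0)                 /* never keep a cwd outside the jail */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && (getuid() != uid || setuid(0) == 0))
        return -1;                       /* privilege drop must be permanent */
    return 0;
}

int main(void)
{
    uid_t uid = getuid();                /* real user invoking the wrapper */
    gid_t gid = getgid();
    if (!jail_is_sane(JAIL)) {
        fprintf(stderr, "restricted shell: %s is not a safe jail\n", JAIL);
        return 1;
    }
    if (enter_jail(JAIL, uid, gid) != 0) {
        perror("restricted shell: cannot enter jail");
        return 1;
    }
    execl(SHELL, "-sh", (char *)NULL);   /* leading '-' makes it a login shell */
    perror("restricted shell: exec");
    return 1;
}
```

The playpen must contain its own copy of the shell and of every command the user is allowed, since nothing outside it is reachable once chroot() has happened.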
