Looking for a restricted shell.
Jerry Peek
jerry at ora.com
Sat May 25 15:28:12 AEST 1991
In article <1991May23.033109.10724 at DMI.USherb.CA> pineault at DMI.USherb.CA (Christian Pineault) writes:
> I'm looking for a shell on SunOS 4.1.1 that would prevent users from
> using any armful commands.
>
> This could be something like a command interpreter and a permission
> file containing a list of allowed (or disallowed) commands.
Look into /usr/lib/rsh (that's the location on SunOS 4.1.1, anyway).
It's a restricted version of /bin/sh that keeps users from doing
all kinds of things. If you set the PATH in the .profile to a
directory with copies of the commands you want to allow (and/or
symbolic links to those commands), you're pretty safe. The rsh
adds restrictions like:
- not letting the user change the PATH
- the 'cd' command doesn't work
- the user can't type commands like /bin/foo (names with slashes)
Check the security section of your SunOS documentation set for an intro.
Our new UNIX Security book covers the restricted shell -- so do other
security books like Kochan & Wood (? -- sorry, I don't have a copy handy).
--Jerry Peek, O'Reilly & Associates, jerry at ora.com
More information about the Comp.unix.questions
mailing list