Protecting against downloads

John Boteler bote at csense.uucp
Sun Sep 23 16:18:54 AEST 1990 

Posting for the benefit of the trustee:

>Message-Id: <9009222103.AA06890 at scicom.alphacdc.com>
>Date: 22 Sep 90 21:03:45 MDT (Sat)
>From: uunet!scicom.alphacdc.com!rick (Richard E. Oakes)
>Status: RO

> From article <2441 at sud509.ed.ray.com>, by heiser at tdw201.ed.ray.com:
> > In article <epeterso.653316195 at houligan> epeterson at encore.com writes:
> >>All in all, it ends up boiling down to the question "Why do you want
> >>to give your users shell access?"  To let them use the tools on the
> >>system to develop their own programs?  To learn Unix?  To experiment
> >>with various applications?  How far do you trust them?
> > What's a "public access unix" without shell access?  I want to provide
> > access for all of the reasons you mentioned here.  If I wanted to 
> > continue to ONLY allow access via a menu-driven program, I'd have no
> > reason to switch from my current dos bbs.

I came into this discussion a little late, but so far I have seen no
discussion of the oldest, but still effective way of controlling what users
do once they get to the shell: the use of /bin/rsh.  rsh does not let the user
cd to other directories, or execute commands with a path in the command (paths 
ARE allowed in the arguments), so you can controll exactly which commands they
can execute.  To implement this properly, you do need to remember a few things:

	The .profile of the user must be owned by root, and writeable ONLY by 
		root.
	The .profile must define a PATH that includes a directory such as 
		/rbin, and does NOT include /bin or /usr/bin.
	The .profile must define and export SHELL=/usr/rbin.  This will ensure
		that any shell called from vi or other programs are also rsh.
	
When you create the /rbin or similar directory, you ln any commands from 
/bin and /usr/bin that you wish the user to have unlimited access to (or
even from /usr/local, /usr/lbin, etc).  If you want to allow limited acces,
such as testing the arguments before allowing exeuction of the command, you
can write a shell script in /rbin that performs your test, then calls the
command from /bin.  For example, you might want to allow execution of the
'cat' command, but not allow reading of any file in /, /etc, /bin, or 
/usr/bin.  You write a shell script called /rbin/cat that tests its
arguments, and if they include any of the prohibited paths, send as error 
message to the user, and if not, passes the argument to /usr/bin/cat.

Richard Oakes

-- 
John Boteler   bote at csense.uucp           {uunet | ka3ovk}!media!csense!bote
SkinnyDipper's Hotline: 703-241-BARE | VOICE only, Touch-Tone(TM) signalling

More information about the Comp.unix.sysv386 mailing list