From owner-freebsd-questions  Fri Aug  9 02:21:26 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id CAA26268
          for questions-outgoing; Fri, 9 Aug 1996 02:21:26 -0700 (PDT)
Received: from mail.EUnet.hu (mail.eunet.hu [193.225.28.100])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA26255
          for <freebsd-questions@freebsd.org>; Fri, 9 Aug 1996 02:21:22 -0700 (PDT)
Received: by mail.EUnet.hu, id LAA16132; Fri, 9 Aug 1996 11:21:09 +0200
Received: by CoDe.CoDe.hu (LAA00434); Fri, 9 Aug 1996 11:21:00 GMT
From: Gabor Zahemszky <zgabor@CoDe.hu>
Message-Id: <199608091121.LAA00434@CoDe.CoDe.hu>
Subject: Re: Shell Security
To: freebsd-questions@freebsd.org
Date: Fri, 9 Aug 1996 11:20:59 +0000 (GMT)
Cc: valtech@caribnet.net
In-Reply-To: <Pine.BSF.3.91.960808192025.168A-100000@vmp.bb.net> from "Sean Batson" at Aug 8, 96 07:29:26 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> 
> Are there any restricted unix shells
> for FreeBSD with good security. At
> present my system is like an open-sapulka(play ground, brothel)
> were confidential data and network config files
> are being viewed, downloaded and I
> would really like to restrict untrusted
> users, to their home directories. 
> 
> Are there any such shell available?

Yes, but not the standard ones.  (I have 2.1R, so maybe it has changed in 2.1.5)
So: sh has no rsh (there is rsh, but it's remote shell), csh has no rcsh, 
bash has no rbash, (I don't know zsh and tcsh) BUT on ports, there is pdksh
(it is a better ksh than bash and zsh!), and it supports it.  If I remember well,
it's 5.2.3, and the last version is 2.5.7 from ftp://ftp.cs.mun.ca:/pub/pdksh
(it has many new bug fixes - and maybe bugs, too) - so use that.  Or get the
original AT&T ksh from http://www.reseach.att.com:80/orgs/ssr/book/reuse/
(maybe it has some problems, the ksh93(version xxx/d) had a Linux a.out, and
a BSDI 2.0 version, so we had to use the Linux version with linuxemu - it
worked fine -, but the last version xxx/f(?) is a Linux elf (interesting,
but a today letter from David Korn says, it's aout), and a BSDI 2.0 - so in
<= 2.1.5, we cannot run it - only in -current(?)).  So get pdksh (or search
for an older version of Linux ksh93).

Bye, Gabor

-- 
	Gabor Zahemszky <zgabor@CoDe.hu>

-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-
Earth is the cradle of human sense, but you can't stay in the cradle forever.
						Tsiolkovsky