From: Steve Bertrand
Date: Mon, 12 Mar 2012 17:40:10 -0400
To: Tim Daneliuk
Cc: FreeBSD Mailing List
Subject: Re: Editor With NO Shell Access?
Message-ID: <4F5E6D3A.50302@gmail.com>
In-Reply-To: <4F5E4C2A.1020005@tundraware.com>

On 2012-03-12 15:19, Tim Daneliuk wrote:
> I have a situation where I need to provide people with the ability to edit
> files. However, under no circumstances do I want them to be able to exit
> to the shell. The client in question has strong (and unyielding) InfoSec
> requirements in this regard.
>
> So ... are there editors without this feature? Can I compile something like
> joe or vi to inhibit this feature?

I don't know if this will help, but it may provide an idea that could spark
something further.

You can force a user directly into an editor so they have no shell access.

For example, if the user has '/bin/csh' as their login shell, adding:

    exec /usr/local/bin/vim

into their ~/.cshrc file will force them directly into vim. When they exit
vim, they are immediately logged off.

However, I don't believe this will provide them any way to see their files
though. vim's ":open filename" and ":w filename" still work, but shell
commands (eg ":! ls -la") don't.

Steve
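
An added example, not part of the message above or of the original thread: a POSIX sh check that a ~/.cshrc of the kind described really execs the editor first and that the account cannot rewrite or replace it, which matters because ":w filename" still works inside vim. The function name, the demo directory and the sample file contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Audits a csh start-up file that is
# meant to drop an account straight into an editor.
# Usage: audit_cshrc_lockdown <home_dir> <account> <editor_path>
# Prints one line per finding; the return status is the number of findings.
audit_cshrc_lockdown() {
    home=$1; user=$2; editor=$3
    rcfile="$home/.cshrc"
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    if [ ! -f "$rcfile" ]; then
        note "$rcfile is missing, so nothing forces the editor"
        return "$findings"
    fi

    # The first effective line (blank lines and comments skipped) must exec the
    # editor; anything else runs first or leaves the shell interactive.
    first=$(sed -e 's/^[[:space:]]*//' -e '/^$/d' -e '/^#/d' "$rcfile" | head -n 1)
    case "$first" in
        "exec $editor" | "exec $editor "*) ;;
        *) note "first command in $rcfile is not 'exec $editor'" ;;
    esac

    # ":w filename" still works in the editor, so the account must not be able
    # to rewrite the start-up file or replace it through its directory.
    rc_perms=$(ls -ld "$rcfile" | awk '{print $1}')
    rc_owner=$(ls -ld "$rcfile" | awk '{print $3}')
    dir_owner=$(ls -ld "$home" | awk '{print $3}')
    if [ "$rc_owner" = "$user" ]; then
        note "$rcfile is owned by $user, who can rewrite or chmod it"
    fi
    if [ "$dir_owner" = "$user" ]; then
        note "$home is owned by $user, who can rename $rcfile and create a new one"
    fi
    case "$rc_perms" in
        ?????w* | ????????w*) note "$rcfile is group- or world-writable ($rc_perms)" ;;
    esac
    return "$findings"
}

# Constructed demo: a throw-away directory stands in for the account's home.
demo=$(mktemp -d)
printf '# constructed sample\nexec /usr/local/bin/vim\n' > "$demo/.cshrc"
me=$(ls -ld "$demo" | awk '{print $3}')
audit_cshrc_lockdown "$demo" "$me" /usr/local/bin/vim || echo "findings: $?"
rm -rf "$demo"
```

The group-write check is conservative: it flags the bit whether or not the account is actually a member of that group.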