Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Jun 2002 15:17:19 +0200
From:      Matthias Buelow <mkb@informatik.uni-wuerzburg.de>
To:        Alexander V Zubchenko <stalker@hermes-comp.zp.ua>
Cc:        Admin/Manager <leroy@3dmasters.net>, freebsd-questions@FreeBSD.ORG
Subject:   Re: SHELL ACCESS
Message-ID:  <20020605131719.GB1211@reiher.informatik.uni-wuerzburg>
In-Reply-To: <20020605093415.N38764-100000@server.hermes-comp.zp.ua>
References:  <000101c20bfa$6c740eb0$0264a8c0@3dmdomain.local> <20020605093415.N38764-100000@server.hermes-comp.zp.ua>

next in thread | previous in thread | raw e-mail | index | archive | help
Alexander V Zubchenko writes:

>I don't know about such features in shells, but you may play around with
>access permissions (e.g. make anything world-inaccessible, place users in
>nobody group and set rights so anything will b protected from access,
>excepting home).

Commercial systems typically have a "restricted shell" command, sometimes
under the name rsh (colliding with the remote shell, which is called remsh
on such systems.)  On FreeBSD, I think the (original) KornShell (ksh)
and GNU bash can be run in restricted mode.  It disables cd, and some other
builtins but it of course does not restrict programs that got invoked
by the user, so you have to be selective about which programs the user
is allowed to run.  vi(1) also can be run in restricted mode.


--mkb


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020605131719.GB1211>