From owner-freebsd-questions Wed Jun 5 6:17:26 2002 Delivered-To: freebsd-questions@freebsd.org Received: from reiher.informatik.uni-wuerzburg.de (wi4d22.informatik.uni-wuerzburg.de [132.187.101.122]) by hub.freebsd.org (Postfix) with ESMTP id 3976837B404 for ; Wed, 5 Jun 2002 06:17:21 -0700 (PDT) Received: by reiher.informatik.uni-wuerzburg.de (Postfix, from userid 1001) id D2197AF7D; Wed, 5 Jun 2002 15:17:19 +0200 (CEST) Date: Wed, 5 Jun 2002 15:17:19 +0200 From: Matthias Buelow To: Alexander V Zubchenko Cc: Admin/Manager , freebsd-questions@FreeBSD.ORG Subject: Re: SHELL ACCESS Message-ID: <20020605131719.GB1211@reiher.informatik.uni-wuerzburg> References: <000101c20bfa$6c740eb0$0264a8c0@3dmdomain.local> <20020605093415.N38764-100000@server.hermes-comp.zp.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020605093415.N38764-100000@server.hermes-comp.zp.ua> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Alexander V Zubchenko writes: >I don't know about such features in shells, but you may play around with >access permissions (e.g. make anything world-inaccessible, place users in >nobody group and set rights so anything will b protected from access, >excepting home). Commercial systems typically have a "restricted shell" command, sometimes under the name rsh (colliding with the remote shell, which is called remsh on such systems.) On FreeBSD, I think the (original) KornShell (ksh) and GNU bash can be run in restricted mode. It disables cd, and some other builtins but it of course does not restrict programs that got invoked by the user, so you have to be selective about which programs the user is allowed to run. vi(1) also can be run in restricted mode. --mkb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message