From owner-freebsd-questions  Wed Jun  5  7: 2:22 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from lexx.zssm.zp.ua (lexx.zssm.zp.ua [212.8.32.8])
	by hub.freebsd.org (Postfix) with ESMTP id B6BCC37B405
	for <freebsd-questions@FreeBSD.ORG>; Wed,  5 Jun 2002 07:02:08 -0700 (PDT)
Received: from server.hermes-comp.zp.ua (germes-comp.zssm.zp.ua [212.8.32.132] (may be forged))
	by lexx.zssm.zp.ua (8.9.2/8.9.2) with ESMTP id QAA18166;
	Wed, 5 Jun 2002 16:30:41 +0300 (EET DST)
Received: from localhost (localhost [127.0.0.1])
	by server.hermes-comp.zp.ua (8.11.3/8.11.3) with ESMTP id g55DRIa43076;
	Wed, 5 Jun 2002 16:27:18 +0300 (EEST)
	(envelope-from stalker@hermes-comp.zp.ua)
Date: Wed, 5 Jun 2002 16:27:18 +0300 (EEST)
From: Alexander V Zubchenko <stalker@hermes-comp.zp.ua>
To: Matthias Buelow <mkb@informatik.uni-wuerzburg.de>
Cc: Admin/Manager <leroy@3dmasters.net>,
	<freebsd-questions@FreeBSD.ORG>
Subject: Re: SHELL ACCESS
In-Reply-To: <20020605131719.GB1211@reiher.informatik.uni-wuerzburg>
Message-ID: <20020605161954.P42835-100000@server.hermes-comp.zp.ua>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Greetings!

On Wed, 5 Jun 2002, Matthias Buelow wrote:

> Alexander V Zubchenko writes:
>
> >I don't know about such features in shells, but you may play around with
> >access permissions (e.g. make anything world-inaccessible, place users in
> >nobody group and set rights so anything will b protected from access,
> >excepting home).
>
> Commercial systems typically have a "restricted shell" command, sometimes
> under the name rsh (colliding with the remote shell, which is called remsh
> on such systems.)  On FreeBSD, I think the (original) KornShell (ksh)
> and GNU bash can be run in restricted mode.  It disables cd, and some other
> builtins but it of course does not restrict programs that got invoked
> by the user, so you have to be selective about which programs the user
> is allowed to run.  vi(1) also can be run in restricted mode.
>
>
> --mkb
>
>
Thx for info. I'v checked ports collection and find those shells:

flash - A ncurses-based restriction shell

With best regards, Alexander


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message