Message-ID: <4F5EDE06.60302@gmail.com>
Date: Mon, 12 Mar 2012 22:41:26 -0700
From: "Edward M."
To: Robert Bonomi
Cc: freebsd@edvax.de, freebsd-questions@freebsd.org
Subject: Re: Editor With NO Shell Access?

On 03/12/2012 05:33 PM, Robert Bonomi wrote:
>> From owner-freebsd-questions@freebsd.org Mon Mar 12 17:46:04 2012
>> Date: Mon, 12 Mar 2012 15:47:59 -0700
>> From: "Edward M."
>> To: Polytropon
>> Cc: freebsd-questions@freebsd.org
>> Subject: Re: Editor With NO Shell Access?
>>
>> On 03/12/2012 03:23 PM, Polytropon wrote:
>>> On Mon, 12 Mar 2012 15:19:51 -0700, Edward M. wrote:
>>>> On 03/12/2012 03:10 PM, Polytropon wrote:
>>>>> /etc/shells to work, but a passwd entry like
>>>>>
>>>>> bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe
>>>> I think this would not let the user log in, etc.
>>> I'm not sure... I assume logging in is handled by /usr/bin/login,
>>> and control is then (i. e. after successful login) transferred
>>> to the login shell, which is the program specified in the
>>> "shell" field (see "man 5 passwd") of /etc/passwd. How is
>>> login supposed to know if the program specified in this
>>> field is actually a dialog shell?
>>>
>>> From "man 1 login" I read that many shells have a built-in
>>> login command, but /usr/bin/login is the system's default
>>> binary for this purpose if the "shell" (quotes deserved if
>>> it is an editor as shown in my assumption) has no capability
>>> of performing a login.
>>>
>> Now I gotta try this out. Off to
>> hose my system.
> If other configuration is set up right (e.g. /etc/shells), you can name
> *any* executable as the 'shell' field in /etc/passwd, and have it work.
>
> "Long, long, ago", I used this for client 'on demand' system back-up. They
> just put the tape in the drive, and logged in as the 'backup' user.
>
> *HOWEVER* this is -not- a solution for the OP's "problem", as a skilled,
> _malicious_, user can change, say, vi(1)'s idea of what executable it
> should invoke when a '!', or '!!' command is issued.

I tried it out of curiosity to see if it was possible to log in to joe, by
the way the OS was configured. However, my knowledge is not advanced enough
to continue; I got stuck on the message cannot not find "*-joerc" :-)

Regards
Ed
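
An added example, not part of the original message or of anyone's post in this thread: a small audit that reads passwd(5)-format entries like the one quoted above and reports accounts whose shell field is not listed in /etc/shells or names a program that can start other commands. The sample data, the ESCAPE_CAPABLE list and the function names are assumptions made for illustration.

```python
# Assumption: auditor's own list. vi's '!' is named in the thread; joe is its sample editor.
ESCAPE_CAPABLE = {"vi", "joe"}

# Constructed sample data, modelled on the passwd entry quoted in the thread.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe
alice:*:1235:1235:Alice:/home/alice:/usr/bin/vi
backup:*:1236:1236:Tape backup:/nonexistent:/usr/local/sbin/run-backup
carol:*:1237:1237:Carol:/home/carol:
"""
SAMPLE_SHELLS = """\
# List of acceptable shells
/bin/sh
/bin/csh
/usr/local/bin/joe
"""


def parse_shells(text):
    """Return the paths listed in an /etc/shells-style file, comments stripped."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {path for path in stripped if path}


def audit(passwd_text, shells_text):
    """Return {user: [findings]} for entries that deserve a second look."""
    allowed = parse_shells(shells_text)
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            report[fields[0]] = ["malformed entry"]
            continue
        user, shell = fields[0], fields[6] or "/bin/sh"  # empty field means /bin/sh
        findings = []
        if shell not in allowed:
            findings.append("shell not in /etc/shells")
        if shell.rsplit("/", 1)[-1] in ESCAPE_CAPABLE:
            findings.append("program can run other commands")
        if findings:
            report[user] = findings
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_SHELLS))
```

On the sample data, bob is reported even though joe is listed in /etc/shells, which is the distinction the thread draws between an entry that works and one that confines the user.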