Hi,

On Dec 15, 10:23am, "David L. Potter" wrote:
} Subject: Re: ** CONFIDENTIAL **
>
> With respect to "access" to the shell... my understanding is that
> limiting a user's access to dot files is in many ways protecting them from
> themselves and thus maintaining a 'stable' configuration across a large
> number of users (certainly makes it a lot easier for the volunteers!)
>
> There have always been ways to view hidden files but anyone who can use
> vi is 'on their own hook' if they mash a dot file.
>
> As long as a user is logging on through a regular account, their time
> limits will remain in effect. Users that discover and use these 'holes'
> should do suitable penance... I favour making them write documentation
> but then I have a bias... ;-)

I did some experimenting a while back with an older release of csuite to
resolve this particular problem. The approach I took was to replace the
normal #!/bin/sh at the top of the cfn script with #!/usr/lib/rsh.

For those of you not familiar with /usr/lib/rsh it is called "restricted
shell" and it allows a system administrator to limit what directories and
commands a shell user can access. By using /usr/lib/rsh instead of /bin/sh
you can make sure that if users do break out of the lynx interface they are
still fairly tightly controlled. Most versions of Unix come with such a
restricted shell.

I found no real problems using /usr/lib/rsh over /bin/sh. The trick is in
making sure you create a fairly restricted PATH variable. Restricted shell
users can use ".." in their cd commands, they can't specify commands with
path components (like /usr/bin/mail) and are restricted in other ways. The
man page on "sh" should talk about it more.

dan

--
Dan Trottier                           dan@mcmaster.ca
Dept of Computer Science & Systems     http://www.dcss.mcmaster.ca/~dan
McMaster University, Hamilton, Ontario (905) 525-9140 x23444
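
An added example, not part of the message above or of csuite: a POSIX sh check for the "fairly restricted PATH" the message calls the trick, flagging components that would undo the restriction. The function name `audit_rpath` and the `DENY` list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the PATH handed to a restricted-shell account.
# audit_rpath and DENY are illustrative names; DENY is a starting point.

# Programs that can start an unrestricted shell or interpreter.
DENY="sh bash csh tcsh ksh zsh vi vim ex ed perl python python3 awk env"

# audit_rpath PATHSTRING
# Prints one finding per line; exit status 1 if anything was flagged.
# The body runs in a subshell so IFS and set -f do not leak to the caller.
audit_rpath() (
    rc=0
    # An empty component makes the shell search the current directory.
    case $1 in
        ""|:*|*:|*::*) echo "empty PATH component"; rc=1 ;;
    esac
    IFS=:
    set -f
    for d in $1; do
        IFS=' '
        [ -n "$d" ] || continue
        case $d in
            /*) ;;
            *) echo "relative component: $d"; rc=1; continue ;;
        esac
        [ -d "$d" ] || { echo "not a directory: $d"; rc=1; continue; }
        # A group- or world-writable directory lets users plant commands.
        if [ -n "$(find "$d/." -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable by group/other: $d"; rc=1
        fi
        for name in $DENY; do
            if [ -f "$d/$name" ] && [ -x "$d/$name" ]; then
                echo "unrestricted shell reachable: $d/$name"; rc=1
            fi
        done
    done
    exit "$rc"
)
```

Run it against the PATH value set in the wrapper script before switching the interpreter line, and treat any output as a reason not to deploy that PATH.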