SUMMARY 2 : restricted vi for use with op/sudo

From: Francis Liu (
Date: Thu May 09 1996 - 21:06:32 CDT

I've received more info over the last few days, it is at the end.

I wrote:

> Fellow admins,
> I have a question about using editors with the sudo/op
> programs. I am looking for a vi based editor to give to users with
> restricted functionality. In particular, I want to be able to
> specify exactly which files are editable. For example, I want
> to be able to say vi <file>, and edit <file> and <file> only.
> I want the user to be unable to change the filename or read in
> another file or do anything else except edit the file specified
> on the command line.
> I was wondering if anybody has already modified an editor to do these
> things. I've got solaris 2.4, gcc + sunsoft C.

To summarise the answers,

The answer is no. If I want something like this, I'll have to either
1. hack the the source code for some editor myself; or
2. copy the file to edit to a safe place + owner, edit the file as
   te safe owner, then copy it back.

I received one other suggestion to use "rvi". I had already seen it,
and I think it's not useful for this. FYI, "rvi" is a setuid perl
wrapper that checks permissions and stops you changing your shell: but
it does not stop you reading in other files.

Since then, I've received more info:
1. lots of people told me about using nvi
        ( )

I had already looked at it, and found it difficult to modify
because it manipulated buffers to determine what the command is.
It just got too tricky to do easily. Todd C. Miller told me that
his version of nvi (1.59) had a "secure" option, but I didn't have
it the nvi that I had retrieved (1.34).

2. One reply about hacking up vim (another vi emulator with more

3. osh - the Operator SHell
osh comes with a hacked elvis (another vi impersonator) that
disallows reading/writing files other than those specified on
the command line. Which is exactly what I was looking for.
Being a shell, it also provides does other useful things. You
can restrict which commands can be run, you can restrict the files
that those commands can be run on, you can use /etc/groups (and
nis/nis+ equivalents) to determine classes of users, it logs all the
commands that have ever been run while the user is in the osh, is
supports cmdline operation just like sudo or op. The best part is
that it looks very much like a standard C shell.

I'm still deciding whether I should use op or osh, or a combination
of both at the moment.

Big thanks to Sanford Whitehouse <>

osh is available from

Thanks to:

Brett Lymn <>
Fedor Gnuchev <>
Sanford Whitehouse <>
H. Milton Johnson <>
Richard Gaupsas <>
Todd C. Miller <>


--                        Talk: +61 2 330 2091
Systems Programmer                            Fax : +61 2 330 1999
University of Technology, Sydney - Information Technology Division
           PO BOX 123, Broadway, NSW 2007, Australia

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:59 CDT