Many people suggested using sudo. I already use sudo to allow certain
individuals to perform a very limited number of operations as root. I know of no
way to use sudo as a restricted shell?
Someone suggested /usr/lib/rsh, but that does not permit cd to be performed.
I got one referal to the FAQ (I don't know why I haven't looked there yet, I
HAVE looked through just about everything else I have available).
One suggestion to check:
http://www.uwsg.indiana.edu/hypermail/linux/big-linux/9508/subject.html#start
and
http://www-archive.stanford.edu/lists/sun-managers/hyper95/subject.html#5626
A suggestion that I setup a directory containing links to the permitted
commands, and then restricting the PATH in accounts to be restricted. Not
terribly secure, but does the job of preventing accidental use of undesired
commands.
A pointer to: ftp://ftp.c3.lanl.gov/pub/mcn/osh.tar.Z which looks interesting.
My thanks to:
"Trevor Paquette" <TrevorPaquette@aec.ca>
ahill@lanser.net (Alan Hill)
miquel@proton.uab.es (Miquel Cabanas. BBM-UAB)
"Matt Hill" <MHILL@graver.com>
Lisa Lopshire <lisa@e-z.net>
Francis Liu <fxl@pulse.itd.uts.edu.au>
Marc S. Gibian
Telos Consulting Services phone: (617) 377-6350
PRISM/TFS email: gibian@stars1.hanscom.af.mil
attached mail follows:
I've been frantically searching my archives & the web with no success...
I need a restricted shell for my Solaris 2.5 SPARCstation 20s that allows cd and
allows the system administrator to specify the set of permissible commands. rksh
and /usr/lib/rsh don't fit the bill, so I am looking for pointers and need them
quickly.
Thanks for your help,
Marc
Marc S. Gibian
Telos Consulting Services phone: (617) 377-6350
PRISM/TFS email: gibian@stars1.hanscom.af.mil
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:08 CDT