SUMMARY: PC-NFS without login access

From: Howard Schultens (hs@demeter.ukps.gwdg.de)
Date: Fri Aug 19 1994 - 16:39:00 CDT


Original query:

>I am trying to get a POPmail client to run on the MS-DOS boxes without giving
>every user full login access to the Sun. All the password checking must work
>and access rights must be enforced, but certain users should not be able to
>login to a shell and interact with Unix directly.

>I tried to implement this by substituting another program for a
>real shell in /etc/passwd for these users. I put in a
>simple shell script that informs the user that he has no login access to
>the Sun and exits.

>This prevents the POPmail client from validating the password on the Sun,
>so new mail cannot be accessed. In addition, users cannot do a "net login"
>on the PC, so they cannot access their files in file systems mounted from
>the Sun onto the PC.

Dan Stromberg - (strombrg@uci.edu) gave me the solution:

>Likewise for pcnfsd. I seem to vaguely recall that pcnfsd was happy
>with any login shell, so long as it ended in "sh" or something.
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This solution was implicit in the note from Jason Andrade (jason@ctpm.uq.oz.au)
whose substitute shell had the same name. I didn't realize that the shell name
MUST end in 'sh'.

I created a shell script 'nosh' that is just 4 lines:

#!/bin/sh
echo "Sorry", $USER, "you have no login access rights"
sleep 3
exit 1

and it works fine. Actually, I had been trying to get this to work under
the name 'nope' and it didn't work, neither did /bin/false as a substitute
shell.

Thanks also to:

Brent Chivers (bchivers.mitre.org)
Ian MacPhedran (Ian_MacPhedran@engr.USask.CA)
Stefan Hein (hein@tubtmpo1.ee.TU-Berlin.DE)

----------------------------------------------------------------------------
\ ..\ /../ Howard Schultens Tel: ++49 551 39 5914
 \.o.\ /../ Zentrum Physiologie FAX: ++49 551 39 5923
  \o.o> /: / Abteilung Neuro- und
   \o/ / \ Sinnesphysiologie
    Y R .oo \ Humboldtallee 23
     / o o.o \ D-37073 Goettingen
    <_*o*_*.*_> Germany E-Mail: hs@demeter.ukps.gwdg.de
--===r=R=r=Rr===------------------------------------------------------------
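
Added example (not part of the original post and not pcnfsd code): an audit of passwd-format entries using the rule reported above, that a substitute login shell was accepted only when its name ended in "sh". The sample files, the path /usr/local/bin/nosh and the function names are constructed for illustration, and the suffix rule is modeled from the thread, not checked against pcnfsd source.

```shell
#!/bin/sh
# Added example, not from the original post. The suffix rule is modeled as
# described in the thread; it was not checked against pcnfsd source.

# classify_shell SHELL SHELLS_FILE
# Prints: interactive (listed in SHELLS_FILE), suffix-ok (name ends in "sh",
# so it passes the reported check while the program itself denies a login),
# or rejected (name does not end in "sh", e.g. /bin/false or "nope").
classify_shell() {
    shell=${1:-/bin/sh}                 # empty passwd field means /bin/sh
    if grep -qxF -- "$shell" "$2"; then
        echo interactive
        return
    fi
    case ${shell##*/} in
        *sh) echo suffix-ok ;;
        *)   echo rejected ;;
    esac
}

# audit_passwd PASSWD_FILE SHELLS_FILE: one "user shell class" line per account
audit_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in ''|'#'*) continue ;; esac
        echo "$user ${shell:-/bin/sh} $(classify_shell "$shell" "$2")"
    done < "$1"
}

# demo: run the audit over constructed sample files (all values made up)
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' /bin/sh /bin/csh > "$dir/shells"
    cat > "$dir/passwd" <<'EOF'
alice:x:1001:100:Alice:/home/alice:/bin/csh
bob:x:1002:100:Bob:/home/bob:/usr/local/bin/nosh
carol:x:1003:100:Carol:/home/carol:/usr/local/bin/nope
dave:x:1004:100:Dave:/home/dave:/bin/false
erin:x:1005:100:Erin:/home/erin:
EOF
    audit_passwd "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

Accounts reported as "rejected" are the ones that would lose POP and "net login" access in the situation described above; "suffix-ok" accounts keep it without getting an interactive shell.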


