| Title: | DIGITAL UNIX�(FORMERLY KNOWN AS DEC OSF/1) |
| Notice: | Welcome to the Digital UNIX Conference |
| Moderator: | SMURF::DENHAM |
| Created: | Thu Mar 16 1995 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 10068 |
| Total number of notes: | 35879 |
A colleague has suggested Rsh and/or C2 access control lists to implement the query fielded below. Has anyone any further suggestions while I delve down this path? ===== We are trying to create a restricted environment for the students on one of our Digital Unix servers (4100). What we want is basically the same feature that they use to set up ftp on servers. We would like our students to be chrooted into an area that has its own root, usr, bin, ... and then only put the commands in that we want them to execute. Unfortunately we have not been able to solve the problem(s) with things like password changing, or anything that has to do with updating their information in TCB areas, ... ===== Richard [Posted by WWW Notes gateway]
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 9589.1 | CFSCTC::SMITH | Tom Smith MRO1-3/D12 dtn 297-4751 | Wed Apr 23 1997 15:09 | 12 | |
Rsh (restricted Bourne shell) will prevent users from executing cd,
setting the PATH variable, specifying paths containing "/", or
redirecting output.
Another alternative is smrsh (sendmail restricted shell) that is
supplied with the sendmail sources and is intended to be used in the
sendmail "prog" mailer. It requires an explicit list of executable
programs (in /usr/adm/sm.bin), strips initial pathnames on programs,
and rejects commands with "\", redirection, pipes, ";", "&", "$", and
parentheses. I don't know offhand if it has chroot capabilities.
There may be others.
| |||||