by c.. » Thu, 25 Sep 1997 04:00:00
to disable "!" (escape to shell) while they are viewing the file in "more/pg".
Note, these users generally work from a captive menu and are restricted
from command entry.
I have checked man pages for these commands but can't see
any means of enforcing this restriction.
Any suggestions would be welcome as well as any other commands I might use to
accomplish this.
TIA
by Dave Plon » Thu, 25 Sep 1997 04:00:00
: to disable "!" (escape to shell) while they are viewing the file in "more/pg".
: Note, these users generally work from a captive menu and are restricted
: from command entry.
These utilities should use the environment variable "SHELL", if set, to
determine which shell to lauch. Just set (and export) it to something
harmless like "/bin/false":
ksh$ SHELL=/bin/false less file
Dave
--
by Tapani Tarvaine » Fri, 26 Sep 1997 04:00:00
SHELL=/bin/true EDITOR=/bin/true more file
--
Tapani Tarvainen
by Brian McCaule » Fri, 26 Sep 1997 04:00:00
You are probably going about this the wrong way - seeking to treatQuote:> I have checked man pages for these commands but can't see
> any means of enforcing this restriction.
--
. _\\__[oo from | Phones: +44 121 471 3789 (home)
. l___\\ /~~) /~~[ / [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
# ll l\\ ~~~~ ~ ~ ~ ~ | http://wcl-l.bham.ac.uk/~bam/
by Volker Borche » Fri, 26 Sep 1997 04:00:00
|> You are probably going about this the wrong way - seeking to treat
|> individual symptoms rather than the root cause. If you've made the
|> account "captive" by giving it an ordinary shell and creating a login
|> script then you will likely find many such holes. Consider doing it
|> the right way - making the shell entry in /etc/passwd point to the
|> menu program/script directly.
Or look at smrsh (SendMail Restricted SHell) from sendmail 8.8.x.
It will only allow commands from a single directory to be executed.
No PATH or SHELL setting will override this.
vb
--
by luv.. » Sun, 28 Sep 1997 04:00:00
> to disable "!" (escape to shell) while they are viewing the file in "more/pg".
> Note, these users generally work from a captive menu and are restricted
> from command entry.
> I have checked man pages for these commands but can't see
> any means of enforcing this restriction.
> Any suggestions would be welcome as well as any other commands I might use to
> accomplish this.
> TIA
best of luck,
andru
by era eriksso » Sun, 28 Sep 1997 04:00:00
> to disable "!" (escape to shell) while they are viewing the file in
>?"more/pg".
Try setting SHELL=/bin/false before running less (perhaps in their
login script). Remember to export :^)
/* era */
--
Paparazzi of the Net: No matter what you do to protect your privacy,
they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>
1. GETSERVBYNAME()????????????????????"""""""""""""
Hi,
Does anyone know why
struct servent *serv;
serv=getservbyname("exec","tcp");
gives a warning err of incomparible pointer type?
I also can't get rexec to function. It compiles ok....
Thanks
Kirk
2. terminal
3. """"""""My SoundBlast 16 pnp isn't up yet""""""""""""
5. Type "(", ")" and "{", "}" in X...
6. Lockup on named pipe operations under System V R4.
7. csh: escaping "{" and "}" in command substitution
9. "umsdos" vs "vfat" vs "looped ext2"
10. "Novell-like","non-TCP/IP","networking" OS to place Unix
11. "netstat -nr" should show "default" or "0.0.0.0"?
12. "write" "to" "flon" commands
13. Problems with "df" and "du" on "/var"