Very Computer

I am looking for a restricted shell (rsh is not secure enough: crtl-Z!)
or captive account mechanism that will restrict what users can do.
Also to log the commands that have been executed. Has anyone written
or knows if such a thing is avaliable ?

Operating Systems: SysVR4 and SunOS4.1.x

Thank you in advance for suggestions.

Regards,

Mark

 >I am looking for a restricted shell (rsh is not secure enough: crtl-Z!)

What will ^Z get them?  if /usr/lib/rsh is their login shell, then they
should only get another rsh.  If you are running a shell script simply trap
all the signals to print a message and exit.

 >or captive account mechanism that will restrict what users can do.
 >Also to log the commands that have been executed. Has anyone written
 >or knows if such a thing is avaliable ?

 >Operating Systems: SysVR4 and SunOS4.1.x

 >Thank you in advance for suggestions.

 >Regards,

 >Mark

--
  R.Stewart(Stew) Ellis, Assoc.Prof., (Off)313-762-9765   ___________________
  Humanities & Social Science,  GMI Eng.& Mgmt. Inst.    /   _____  ______

  Gopher,chimera,nn,tin,jove,modems, free code is best!/________/ /  /  / /

Any shell powerful enough to be called a shell cannot be restricted.

I suspect people might argue that you can do a chroot, restrict access
to the compiler, etc., but I really think that by the time you've
covered all the holes, you won't have a shell worthy of the name.

(I know this is not a rigorous definition:  you'd have to somehow
precisely define a shell first and be able to determine when a shell
is so restricted it is no longer a shell).

Simple programs with very limited function can be restricted, as long
as they don't, in turn, call something more complex.

dorian

--

House Information Systems
Washington, DC  20515

- Proff