Here is my problem:
My machine (i486/FreeBSD-2.0.5) has an 2 Gig SCSI HP-DAT tape drive
which should be accessible by sysadmins on several different machines. I
try to setup an 'tape' account which only accepts one interactive login
and nothing else (like 'su tape' or 'su - tape' etc.). In the moment I
realize this with some user specific shell profiles (that's not very
secure!) After a user logged in he/she can get the exclusive permissions
with an suid-perl script. The he/she can access the tape via rsh (the
.rhosts file is also set up by the perl script) from the machine who
needs the backup. After all is done the logout cleans the .rhosts file
and releases the 'tape' account.
One of the problem is the fact, that the 'tape' user can bypass all
of this with a simple change of the loginshell for example.
So I think I need the following:
- a prog/configurable shell which allows a chroot
- how can I protect multiple logins and a su to this 'tape' user
in an other way than doing a
if [...]; then
in the profile?
I'm very happy about any suggestions!