HELP: DAT should be useable by specific account (restricted shell, etc)

Post by Lars Koell » Mon, 25 Sep 1995 04:00:00

   Hello gurus!

   Here is my problem:

      My machine (i486/FreeBSD-2.0.5) has a 2 Gig SCSI HP-DAT tape drive
   which should be accessible by sysadmins on several different machines. I
   am trying to set up a 'tape' account which only accepts one interactive
   login and nothing else (like 'su tape' or 'su - tape' etc.). At the
   moment I realize this with some user-specific shell profiles (that's not
   very secure!). After a user has logged in, he/she can get the exclusive
   permissions with an suid-perl script. Then he/she can access the tape via
   rsh (the .rhosts file is also set up by the perl script) from the machine
   that needs the backup. After all is done, the logout cleans the .rhosts
   file and releases the 'tape' account.

      One of the problems is the fact that the 'tape' user can bypass all
   of this with a simple change of the login shell, for example.

   So I think I need the following:

        - a prog/configurable shell which allows a chroot
        - how can I protect multiple logins and a su to this 'tape' user
          in another way than doing a

                if [...]; then

          in the profile?

   I'm very happy about any suggestions!




1. /etc/ftpaccess config - need to restrict deletes for some real accounts

I'm trying to set up FTP to not allow deletes for certain 'real' accounts.  I
tried the following in /etc/ftpaccess:

delete no jsmith

That did not work, then I tried:

class nodel jsmith
delete no nodel

I don't understand these classes.  This does work:

delete no real

But then no one can delete anything from FTP.  I want this only for some users.

My server is SCO OpenServer 5.0.5.

Gary Quiring
