Many thanks for all the replies, folks! Yes, there is already a form
of restricted shell on SunOS, hidden away in sh.
According to Jim Mattson <jmattson@UCSD.EDU>:
>Unless Sun has severely broken sh, just make /usr/bin/rsh a link to
>/usr/bin/sh. You should find that this is how your rsh on the Iris is set
>up. When sh starts, it checks the first alphabetic character of argv[0] to
>see if it's an 'r'. If so, you get a restricted shell.
And, yes, this does work just fine!! Thanks, Jim.
Also, from knutson%SW.MCC.COM@MCC.COM (Jim Knutson):
>Last I understood, you make a link to /bin/sh such that the new name has an "r"
>in it (e.g. rs, rshell, etc.) and you get a restricted shell. Actually, I
>think that "shr" and "srh" would be restricted as well (i.e. you don't have
>to have the first character be an r).
And, also from csmoko@relay.nswc.navy.mil:
>It is there, but it does not jump out at you. In order to accrss it
>you invoke a 'sh -r'. You could make a script that did an exec of
>sh -r and name it resh (not to be confused with /usr/ucb/rsh).
According to payan@Corp.Sun.COM (Nozar Payandehjoo), the following works:
>Look into /usr/lib/rsh. (This is linked to /bin/sh.)
However, I could only find this on one of our systems running 4.1. Our
server (still running 4.0.3) didn't have this link for some reason.
Many thanks to all that replied!
Larry Thorne
NSF ERC
Mississippi State University
larryt@ae.msstate.edu
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:05:58 CDT