Restricted Mail Summary

From: Michael Snyder (
Date: Tue May 18 1993 - 20:05:08 CDT

Original Inquiry:
Subject: Restricted Mail

> Sun Managers,
> We have installed a production only system for use by both internal and
> external users. The users of the system are prevented from accessing
> UNIX by being placed into a controlled menu environment. However, we
> would like to give them access to mail, but unfortunately mail allows
> users to shell using "!".
> Question:
> Is there a configuration parameter to disable shell in mail?
> (Note: more needed as a lister)
> (or)
> Is there a restricted csh or other shell that will limit what users can do?
> (or)
> Any other suggestion?
> Thanks,
> I. Michael Snyder
> Voice: (202) 326-2298
> Fax: (202) 326-2050
> Email:


From: Tom Slezak <>

Wow, this is what happens when people "downsize" from mainframes to Unix,
I guess! Jesus, what a perversion of Unix, to chop off the ability to do
anything but punch menu have my sympathies for having to
do this gelding.

Here's how I'd try it, assuming that I couldn't talk them out of it!
First, I'm assuming that your "controlled menu environment" does NOT
require them to have access to "normal" path directories like /bin and

I'd try setting their path to something like "/ftc/rubber-room" where
that directory contains EVERYTHING they need access to (use sym links
if you need a few things from /bin or whatever). Now, in that directory,
issue commands like:

ln -s /bin/true /ftc/rubber-room/sh
ln -s /bin/true /ftc/rubber-room/csh

Inside mail, users will now just get a silent and immediate return if
they attempt to use the "!" feature.

Of course, devious hackers might find a way to reset their path and then
all is lost...but you can't win at this game anyways! "Having a little bit
of Unix" is morally equivalent to "being a little bit pregnant".

From: Most others

     Use an alternative mailer such as "elm" ( "" via anonymous ftp)
     or "pine" that has more configuration parameters.

     Elm has it's own builtin lister/paging program, which doesn't allow shell
     escapes, and it also allows you to disable shell escapes from within the
     mailer itself during compilation/installation. Elm provides a much
     friendlier interface than Mail.

     Pine resembles elm overall, but is significantly easier to use. It also
     has a built-in editor (also available standalone as 'pico') that works
     well and also does not have shell escapes.

     It is possible for users to configure a few options in elm, one of which
     is the paging program; if this becomes a problem, you could always run a
     shell script nightly with cron that did the following:
     1) scan all the .elm directories in the /home or /users partition for an
        elmrc file with the current date.;
     2) Scan each current-date elmrc file for the line "pager = more";
     3) use awk, sed, or patch to alter that line back to "pager = builtin +"

     Whatever mailer you use, they will subshell to vi or another editor when
     composing a letter or reply and that product may allow the user to shell
     to Unix.

Other recommendations:

1. Write your own interface and pipe the output to sendmail.

2. in .mailrc set - SHELL=/*/bin/rsh
     However, on our Sun this is just a pointer to /*/bin/sh and performs no

3. Steven Myrtle ( suggested he might set-up the
     following variable for use in .mailrc if persuaded.
     setenv SHELL .../disable

The following organizations typically restrict user access to Unix:

Michigan State University
San Diego State University

Andrew Scherpbier ( writes:

Here at SDSU, we have many faculty and staff people reading mail from home.
Most of them are unix-illiterate, so we set up a restricted environment for
them. Basically we have a little program that is their login shell which
displays a menu of things they can do. (We allow mail, news, gopher, and whois)
For mail, we use a modified version of 'elm' We just took out all abilities
to save files or shell out. Since we didn't want to force 'vi' onto people
(There is also a problem with shelling out from there...) we chose a full
screen editor called 'e'. It is actually quite a nice editor; much like
wordstar. I modified it to also disable shelling out and I changed the
help a little to reflect the actions of sending mail more.
For news reading we use a restricted 'tin' program. For gopher, we use the
restricted mode on the unix gopher client.
This whole setup has worked for about 3 years, now. We have NEVER had a
complaint from a user about the setup! They seems to be able to find their
way around just fine. (I am really surprised with this since most of the
users are NOT computer/modem literate at all!)

If you want sources for any of the above, let him know...

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:51 CDT