Subject: Restricted Mail
> Sun Managers,
> We have installed a production only system for use by both internal and
> external users. The users of the system are prevented from accessing
> UNIX by being placed into a controlled menu environment. However, we
> would like to give them access to mail, but unfortunately mail allows
> users to shell using "!".
> Is there a configuration parameter to disable shell in mail?
> (Note: more needed as a lister)
> Is there a restricted csh or other shell that will limit what users can do?
> Any other suggestion?
> I. Michael Snyder
> Voice: (202) 326-2298
> Fax: (202) 326-2050
> Email: firstname.lastname@example.org
From: Tom Slezak <email@example.com>
Wow, this is what happens when people "downsize" from mainframes to Unix,
I guess! Jesus, what a perversion of Unix, to chop off the ability to do
anything but punch menu buttons....you have my sympathies for having to
do this gelding.
Here's how I'd try it, assuming that I couldn't talk them out of it!
First, I'm assuming that your "controlled menu environment" does NOT
require them to have access to "normal" path directories like /bin and
I'd try setting their path to something like "/ftc/rubber-room" where
that directory contains EVERYTHING they need access to (use sym links
if you need a few things from /bin or whatever). Now, in that directory,
issue commands like:
ln -s /bin/true /ftc/rubber-room/sh
ln -s /bin/true /ftc/rubber-room/csh
Inside mail, users will now just get a silent and immediate return if
they attempt to use the "!" feature.
Of course, devious hackers might find a way to reset their path and then
all is lost...but you can't win at this game anyways! "Having a little bit
of Unix" is morally equivalent to "being a little bit pregnant".
From: Most others
Use an alternative mailer such as "elm" ( "ftp.uu.net" via anonymous ftp)
or "pine" that has more configuration parameters.
Elm has it's own builtin lister/paging program, which doesn't allow shell
escapes, and it also allows you to disable shell escapes from within the
mailer itself during compilation/installation. Elm provides a much
friendlier interface than Mail.
Pine resembles elm overall, but is significantly easier to use. It also
has a built-in editor (also available standalone as 'pico') that works
well and also does not have shell escapes.
It is possible for users to configure a few options in elm, one of which
is the paging program; if this becomes a problem, you could always run a
shell script nightly with cron that did the following:
1) scan all the .elm directories in the /home or /users partition for an
elmrc file with the current date.;
2) Scan each current-date elmrc file for the line "pager = more";
3) use awk, sed, or patch to alter that line back to "pager = builtin +"
Whatever mailer you use, they will subshell to vi or another editor when
composing a letter or reply and that product may allow the user to shell
1. Write your own interface and pipe the output to sendmail.
2. in .mailrc set - SHELL=/*/bin/rsh
However, on our Sun this is just a pointer to /*/bin/sh and performs no
3. Steven Myrtle (firstname.lastname@example.org) suggested he might set-up the
following variable for use in .mailrc if persuaded.
setenv SHELL .../disable
The following organizations typically restrict user access to Unix:
Michigan State University email@example.com
San Diego State University firstname.lastname@example.org
Andrew Scherpbier (email@example.com) writes:
Here at SDSU, we have many faculty and staff people reading mail from home.
Most of them are unix-illiterate, so we set up a restricted environment for
them. Basically we have a little program that is their login shell which
displays a menu of things they can do. (We allow mail, news, gopher, and whois)
For mail, we use a modified version of 'elm' We just took out all abilities
to save files or shell out. Since we didn't want to force 'vi' onto people
(There is also a problem with shelling out from there...) we chose a full
screen editor called 'e'. It is actually quite a nice editor; much like
wordstar. I modified it to also disable shelling out and I changed the
help a little to reflect the actions of sending mail more.
For news reading we use a restricted 'tin' program. For gopher, we use the
restricted mode on the unix gopher client.
This whole setup has worked for about 3 years, now. We have NEVER had a
complaint from a user about the setup! They seems to be able to find their
way around just fine. (I am really surprised with this since most of the
users are NOT computer/modem literate at all!)
If you want sources for any of the above, let him know...
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:51 CDT