On 2012-03-12 15:19, Tim Daneliuk wrote:
I have a situation where I need to provide people with the ability to edit
files. However, under no circumstances do I want them to be able to exit
to the shell. The client in question has strong (and unyielding) InfoSec
requirements in this regard.
So ... are there editors without this feature? Can I compile something like
joe or vi to inhibit this feature?
I don't know if this will help, but it may provide an idea that could
spark something further.
You can force a user directly into an editor so they have no shell
access. For example, if the user has '/bin/csh' as their login shell,
adding:
exec /usr/local/bin/vim
into their ~/.cshrc file will force them directly into vim. When they
exit vim, they are immediately logged off.
However, I don't believe this will provide them any way to see their
files though.
vim's ":open filename" and ":w filename" still work, but shell commands
(eg ":! ls -la") don't.
Steve
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
