Devin, et al --

...and then Devin Brown said...
%
% I'm a sysadmin of a Linux server in which users telnet (or ssh) into shells
% using rbash so they can only execute programs I want them to execute. As of

Interesting.

% right now the only E-Mail client I give them access to is Pine because Mutt
% has a function where you can execute a shell command. If the command is

It sure does.

% /bin/bash the user is given a regular, unrestricted shell. I'd like to be
% able to give my users access to Mutt, but not unless that function can be

Even if you could turn off setting $shell or firing off any program you wish
with !, that still doesn't get it; it would be trivial for someone in the
know to modify $editor or even $display_filter, perhaps, to whatever s/he
wanted and then send or read a message. I'm sure, too, that you wouldn't
want to so cripple mutt as to make it unconfigurable; if you did that, you'd
have PINE (well, maybe not *that* bad ;-)

% disabled. (Preferably at compile time. Command line switches and config
% file options don't really seem secure to me.)

Indeed they don't.

%
% Anyone know a way to do this?

All I can suggest is that you restrict access to /bin/bash to some permitted
user group (chmod o-rwx /bin/bash ; chgrp fullshell /bin/bash) and put your
few special users (including any mail or cron or such daemons in there) and
then kindly set shell=.../rbash for your users.

%
%
% ~~~~~~~~~~~~~~~
% Devin Brown
% Anthony Macauley Associates
% (250) 995-3071
% [EMAIL PROTECTED]
% www.gx.ca

HTH & HAND & I'm quite interested not only in your final results but in
other configuration you've done; is it canned or home-grown?

:-D
--
David T-G                  * It's easier to fight for one's principles
(play) [EMAIL PROTECTED]   * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
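An audit of the group-gated layout suggested in the reply, as an added example that is not part of the original thread. It assumes standard passwd/group file formats and takes every path as a parameter; the same-file check is there because many distributions install rbash as a symlink to bash, so gating bash by group would gate rbash too.

```shell
#!/bin/sh
# Added example, not from the thread. "fullshell" is the group name used in
# the message; every path and file passed in is supplied by the caller.

# Succeeds when "other" has no rwx bits on FILE (symlinks are followed).
other_bits_clear() {
    [ "$(ls -Lld "$1" | cut -c8-10)" = "---" ]
}

# Succeeds when A and B resolve to the same inode (symlink or hard link;
# assumes both live on one filesystem).
same_file() {
    a=$(ls -Ldi "$1" 2>/dev/null | awk '{print $1}')
    b=$(ls -Ldi "$2" 2>/dev/null | awk '{print $1}')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# audit_layout BASH RBASH: prints findings, returns how many there were.
audit_layout() {
    findings=0
    if ! other_bits_clear "$1"; then
        echo "$1: still reachable by users outside the group"
        findings=$((findings + 1))
    fi
    if same_file "$1" "$2"; then
        echo "$2 is the same file as $1: gating one gates both"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# ungated_users PASSWD GROUPFILE GROUP RBASH: prints accounts that have a
# login shell other than RBASH (or nologin/false) and are not in GROUP.
ungated_users() {
    awk -F: -v grp="$3" -v rbash="$4" '
        BEGIN { gid = "unset" }
        NR == FNR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        $7 != rbash && $7 !~ /(nologin|false)$/ &&
            !($1 in member) && $4 != gid { print $1 }
    ' "$2" "$1"
}
```

Typical use is `audit_layout /bin/bash /bin/rbash` followed by `ungated_users /etc/passwd /etc/group fullshell /bin/rbash`; any name the second command prints is an account whose login shell is neither restricted nor covered by the group.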