SUMMARY: Login menu to keep users from shell needed

From: <sadvary_at_netmon.dickinson.edu>
Date: Tue, 14 Mar 95 16:24:15 -0500

sadvary_at_netmon.dickinson.edu originally posted:
> We're in search of a login menu system that would allow our users to
> TELNET, FTP, Mail, etc, and keep them (or the majority of them) from getting
> to the shell.
>
> We're looking to evaluate freeware, shareware, commercialware, etc-ware.
> Anyone have any clues where to look? Any comments on what works for you
> would be helpful also.

Thanks for all the responses. I didn't include any source code in this
message, otherwise it would be quite lenghty.
I'll be glad to forward to individuals what I have acquired so far.

-Bill Sadvary
 Dickinson College
 (sadvary_at_netmon.dickinson.edu)

--------------
>>Avery Pennarun (apenwarr_at_tourism.807-city.on.ca) wrote:
Believe it or not, "gopher" may be a good choice. You could also go with
lynx (WWW client). Both of these programs allow you to define external
programs like Pine. They also contain built-in ftp clients (or you can make
ftp an external program too if you like).

807-CITY will soon be opening a free-net type service with gopher as the
main menu, and it appears to be working well so far.

--------------
>>Randy Zeitvogel (rkz_at_hampstead.k12.nh.us) wrote:
Bill I wrote one of these for the machines in Hampstead. so far I have
it running only on a Sun-3, but it is pretty vanilla. Be happy to send
you the source.

--------------
>> Eric A. Bishop (ebishop_at_vt.edu) wrote:
A simple solution is to use the restricted shell (/bin/Rsh). You can
set up an Rshbin directory and put only telnet, FTP, and mail in there. Rsh
restricts changing directories and PATH as well as absolute path names
for executing things.

--------------
>> Fred Dulles (dulles_at_prometheus.chem.umn.edu) wrote:
        I'm pretty sure you can write a sort of menu interface in ksh (i.e as
a ksh script) which will do at lesat part of what you want. The accounts the
U of Minn. gives to all students run a script like this by default. The
trick would be to stop all shell escapes from within the various porgrams you
allow. I'm not sure how to do that. You might want to see if you can't get
in touch with the relevant people here at the U. The machine is
maroon.tc.umn.edu (which is some sort of sun not an alpha.)
Hope this helps,

--------------
>> Jim Esten (sysop_at_acs.stritch.edu) wrote:
Until we brought our user base up to speed in unix commands, I wrote a
menu system in the Kornshell which has worked quite well for us. I coded
it directly into the /etc/profile, bypassing the individual user .profile
and .login.

It is not completely secure, since you can shell out of FTP and a number
of client programs. The folks who are bright enough to figure that out
aren't the ones we're worried about anyway. Note that this method also
cannot stop a user from changing their login shell and bypassing the part
of the /etc/profile geared to most users. Still it is an effective
solution for us for our first year with OSF and the Internet.

....I can post it to you if you desire. I'm no wizard, and spartan more
than adequately describes it, but still, if it works, well......

--------------
>> Ken Teh (teh_at_chinook.phy.anl.gov) wrote:
There is no problem in replacing the shell program. But you should know
that it is possible to get to the shell from telnet, ftp and mail.

--------------
>> Kent Adams (Kent.Adams_at_jcu.edu.au) wrote:
We use one here called menu. Is available at
ftp.jcu.edu.au
/pub/unix/menu.tar.gz

I know it's not bullet proof regards shell access. Students have found
ways out. We are looking at using chroot with the menu items in an
attempt to fix this however where there's a restriction there'll always
be ways around it...

--------------
>> Joe Spanicek (joe_at_resptk.bhp.com.au) wrote:
The following is a similar setup I made for users on a SUN SPARC machine
though it should work on OSF/1 with 'csh'.

The customed '.cshrc' allows one user on a particular account at one time,
this '.cshrc' sat in the account directory and it allowed connections from
X-Terminals and PC based DesQview-X packages (simulate exterminals) after
logging into the account with a passwd if you want.

(SOURCE DELETED...)

--------------
>> Jon Eidson (J.Eidson_at_tcu.edu) wrote:

I too looked for such a package, but came up empty. There was a menu
program somewhere on the net that I tried, but it really messed up the
terminal. I have ended up writing something in shell script. It is
extremly simple, but works. Your are welcome to a copy if you want.

--------------
>> cceravi_at_leonis.nus.sg wrote:
  I have a menu system (using curses and C) that does what you want.
  Send me a mail and I can send it to you.

--------------
>>Philip M. Howard (howard_at_peinet.pe.ca) wrote:
SysAdmin magazine had such a system in an article last year. I'll have
a look for it so that I can tell you the issue.

Also... The Chebucto FreeNet (telnet: cfn.cs.dal.ca) uses Lynx and some
'hardened' versions of Pine, Tin, etc. to do the same thing. Their system
may not be released for general use yet, but you can contact the
'author', David Trueman, at aa001_at_cfn.cs.dal.ca.
Received on Tue Mar 14 1995 - 16:24:55 NZDT

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:45 NZDT