Thanks to:
Jim Belonis <belonis_at_dirac.phys.washington.edu>
Ross Alexander <rwa_at_cs.athabascau.ca>
Khalid Paden <khalid_at_FNAL.FNAL.GOV>
> 1.) Is there any way to tinker with the cd (change directory) command so that
> users who would try to execute it CANNOT go to other directories --they
> would be contained in their corresponding home directories but CAN move
> to the directories that they have made WITHIN their home directories?
Jim Belonis & Ross Alexander suggested chroot
---------------------------------------------
Investigate the chroot() subroutine call.
It is used by anonymous ftp to set a new 'root' directory
which prevents people from cd'ing outside of a particular directory tree.
Unfortunately, it also requires all executables to be within that
directory tree, so you have to build a facsimile /bin /lib etc.
containing ALL the programs you want runnable.
Khalid Paden comments:
---------------------
Try "sh -r", "Rsh", or "ksh -r" for restricted shells.
> 2.) Have been trying to establish a series of commands to be executed upon
> login for a particular group of users. Is it possible to execute these
> series of commands saved into a file that will be accessible to such users
> upon login OTHER than messing their .profiles?
Ross Alexander suggests:
-----------------------
ksh has the idea of a system default login or startup file; I suppose
you could hack an equivalent idea into csh (the sources are easy to
get).
> 3.) Anybody successfully compiled tcpwrappers on an DEC UNIX with the
> pre-login message features? Have enabled the corresponding features at
> the Makefile such as STYLE = -DPROCESS_OPTIONS that would
> support/enable the language extensions, made the corresponding filenames
> for the banner file, yet it seems that it still ain't working..
No response as this summary is done has been received
Bonn
:)
Received on Tue Aug 01 1995 - 13:48:17 NZST