SUMMARY: Restricted User file System

From: John W. Funk (jwf@ccuc.on.ca)
Date: Thu Jan 23 1997 - 13:20:38 CST


Thanks to those who replied,

popp@corpmail.nwest.attws.com (Jeff Popp)
"Colin J. Wynne" <cwynne@brutus.mts.jhu.edu>
John Justin Hough <john@oncology.uthscsa.edu>
Rich Kulawiec <rsk@itw.com>
*and* any others I may have missed, mail was down for two days

Mainly, two suggestions,

1. use /usr/lib/rsh, as the system supplied restricted shell
2. use /usr/sbin/chroot /usr2/ruser /bin/sh as the login shell
        with /usr2/ruser as the home directory

The restricted shell does not have enough features, and the second I
was able to run as su from a shell prompt, but not as the login shell,
I kept getting the message

su: No shell

I searched Sunsolve and the Archives, there was some stuff on this message,
but none seemed to work, or did not apply. Then, I tried truss to give a clue,
but to no avail.

If anyone has any more ideas, I'll be pleased to post a second summary.

Thanks again,
jwf

----- Begin Original Message -----

>From jwf@ccuc.on.ca Wed Jan 8 12:53:50 1997
Date: Wed, 8 Jan 1997 09:59:04 -0500
From: jwf@ccuc.on.ca (John W. Funk)
To: sun-managers@ra.mcs.anl.gov
Subject: Restricted User file System

Friends,

I have a need to provide a modem login, into a restricted file system,
and remember reading about it in man pages for Solaris 2.4. (am currently on
2.5, with clients at 2.5 and 2.5.1) I can find no reference to it in
Solaris 2.5, and wonder if it is still available, and what are all the
necessary files to put into the restricted file system.
(/restricted/{etc,bin,dev,lib} etc.)

The method described, as I recall, was to put a * in one of the fields of
the passwd file, or give the chroot command in the passwd file. I know this
is vague, but have no immediate access to Solaris 2.4, and hope some
of you have done this, or can remember what I am referring to.

Thanks in advance, will summarize,
jwf

John W. Funk, P.Eng voice: 905-829-5028
CAD/CAM & Unix Consultants Inc. fax: 905-829-0517
P.O. Box 61024, Maple Grove P.O. email: jwf@ccuc.on.ca
Oakville, Ontario, Canada L6J 7P5

----- End Included Message -----
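
Added example, not part of the original posts: a POSIX sh check of the shell field in a passwd entry such as the one in suggestion 2, resolved against a chroot area. It relies on login and su executing that field as a single pathname rather than parsing it as a command line; the function name check_shell_field, the account values, and the /bin/sh default for an empty field are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Account data below is constructed.

# check_shell_field LINE [ROOT]
#   LINE  one passwd(4) entry: name:passwd:uid:gid:gecos:home:shell
#   ROOT  directory the shell path is resolved under (a chroot area); default /
# Prints a one-line diagnosis and returns:
#   0 usable   1 malformed entry   2 command line instead of a pathname
#   3 not an absolute path   4 no executable file at ROOT + shell
#   5 "*" entry, which this check does not evaluate
check_shell_field() {
    line=$1
    root=${2:-}
    nf=$(printf '%s\n' "$line" | awk -F: '{ print NF }')
    if [ "$nf" -ne 7 ]; then
        echo "malformed entry: expected 7 fields, found $nf"; return 1
    fi
    shell=${line##*:}                  # seventh field
    [ -n "$shell" ] || shell=/bin/sh   # assumption: empty field means /bin/sh
    case $shell in
        '*')
            echo "'*' shell field: behaviour depends on login(1), not checked"
            return 5 ;;
        *[[:space:]]*)
            echo "'$shell' is a command line; the field must be one pathname"
            return 2 ;;
        /*) ;;
        *)
            echo "'$shell' is not an absolute path"; return 3 ;;
    esac
    if [ -f "$root$shell" ] && [ -x "$root$shell" ]; then
        echo "ok: $root$shell is executable"; return 0
    fi
    echo "no executable file at $root$shell"; return 4
}

# Constructed entry modelled on suggestion 2 in the summary above.
sample='ruser:x:1001:10:restricted:/usr2/ruser:/usr/sbin/chroot /usr2/ruser /bin/sh'
check_shell_field "$sample" || echo "exit status $?"
```

Passing the restricted directory as the second argument checks that the shell also exists inside that tree, which is where it has to be found once the root has been changed.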