Re: [cobalt-users] restricting shell accts?

[Mat Kovach <mkovach@xxxxxxxxxxxxxxxxx>]

On Sun, May 21, 2000 at 08:35:55PM -0700, Jeff Lasman wrote:
: While it IS possible to restrict users shell access, it's not simple. 
: It's done through a lot of careful attention to detail in setting up
: permissions AND by using a shell that's been written to work in a
: chrooted environment.  You also need all important files for running the
: system duplicated for EACH user with a shell account.

If you don't want people to have shell access (and/or deal with the 
possible issues that shell access cause) then you shouild support it.
 
: There are ways to do it, and they ARE documented all over the Internet. 
: I've never tried this, and I have no idea if they interfere with the
: Cobalt's gui or not, but I presume they wood.

Actually if you get the O'Reaily book on Bash, it talks about the 
restricted bash shell, with MIGHT work the way people on the list
has descriped, but it still is going to take some reasearch and testing
to do so.
 
: We're thinking seriously of offering shell accounts; if/when we do, we
: will use a chrooted shell environment.  But on a "straight" linux box,
: NOT on a RaQ.

Offer shell accounts it insane, but with that said I do support them.  They
take a look of work, was Jeff said, making sure that the permissions are
set, etc.  Either way, the request of restricted shell accounts is not
any easy task, although do-able if one is willing to take the time to
do it.

-- 
Mat Kovach                                      mkovach@xxxxxxxxxxxxxxxxx
Cleveland Linux User Group                       http://cleveland.lug.net