On 7/25/05, Abel Talaversn Estevez <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I need to create a particular but simple shell for a firewall running OpenBSD
> 3.6. The idea is create a user whose shell is a very limited one. This shell
> or command line interpreter (CLI) must have permissions only in the home
> directory.
Hi:
Operating ksh in restricted mode may fulfill your needs. Here from
the man page for ksh (this is the public domain Korn Shell in
OpenBSD):
-r Restricted shell. A shell is ``restricted'' if this option is
used or if either the basename the shell was invoked with or the
SHELL parameter match the pattern ``*r*sh'' (e.g. rsh, rksh,
rpdksh). The following restrictions come into effect after the
shell processes any profile and ENV files:
o The cd command is disabled.
o The SHELL, ENV, and PATH parameters cannot be changed.
o Command names can't be specified with absolute or relative
paths.
o The -p option of the built-in command command can't be used.
o Redirections that create files can't be used (i.e. `>', `>|',
`>>', `<>').
--
Kind regards,
Jonathan
