From owner-freebsd-questions  Fri Jul 12 22:53:40 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id WAA12045
          for questions-outgoing; Fri, 12 Jul 1996 22:53:40 -0700 (PDT)
Received: from relay-2.mail.demon.net (disperse.demon.co.uk [158.152.1.77])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id WAA12040
          for <questions@freebsd.org>; Fri, 12 Jul 1996 22:53:37 -0700 (PDT)
Received: from post.demon.co.uk ([158.152.1.72]) by relay-2.mail.demon.net
           id ad20503; 13 Jul 96 6:53 +0100
Received: from jraynard.demon.co.uk ([158.152.42.77]) by relay-3.mail.demon.net
          id aa23158; 13 Jul 96 1:25 +0100
Received: (from fqueries@localhost) by jraynard.demon.co.uk (8.6.12/8.6.12) id WAA02595; Fri, 12 Jul 1996 22:58:24 GMT
Date: Fri, 12 Jul 1996 22:58:24 GMT
Message-Id: <199607122258.WAA02595@jraynard.demon.co.uk>
From: James Raynard <fqueries@jraynard.demon.co.uk>
To: jim@starshine.org
CC: paul@nation-net.com, questions@freebsd.org
In-reply-to: <199607121006.DAA02053@starshine> (message from Jim Dennis on
	Fri, 12 Jul 1996 03:06:55 -0700 (PDT))
Subject: Re: Restricted shell for Web users
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > Mail accounts aren't needed, just forwarding.
> > I've heard there is such a thing as a virtual shell? It sounds like just 
> > what I need!!
> 
> 	If you insist on allowing telnet into it (and poviding a shell
> 	account) you might look at the 'restricted shell' (I think there
> 	is a command line option on Bourne or Korn and support for 
> 	it automatically assume this option if called via the name
> 	'rsh' -- i.e. via a hardlink).

AFAIK this is a SysV ism - the Berkeley rsh is the 'remote shell',
used for running commands on a different host from the one you're
logged in to.  I couldn't find anything in the sh man page about this
(I don't have the ksh man page due to a chronic lack of disk space).

> 	The restrictions an this 'rsh' ('jsh'???) are something like:
> 	can't change directory, can't set/unset any variables, can't 
> 	create any shell functions or aliases, etc.

I understood 'jsh' was how you invoked the job-control version of sh
on SysV (our sh already has job control built in, so we don't need
it).  I wasn't aware it had anything to do with user restrictions, but
I'm open to correction (my experience of SysV being rather limited).

Anyway, I've seen one or two other requests for this - if I can get
hold of a proper spec for this, I *might* have a go at it (unless of
course someone else does it first :-)

-- 
James Raynard, Edinburgh, Scotland
james@jraynard.demon.co.uk
http://www.freebsd.org/~jraynard/