From owner-freebsd-questions@FreeBSD.ORG  Mon Jul 11 05:35:30 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 659B816A41C
	for <freebsd-questions@freebsd.org>;
	Mon, 11 Jul 2005 05:35:30 +0000 (GMT)
	(envelope-from igorr@speechpro.com)
Received: from speechpro.com (speech-tech-2.ip.PeterStar.net [81.3.190.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0A46443D45
	for <freebsd-questions@freebsd.org>;
	Mon, 11 Jul 2005 05:35:29 +0000 (GMT)
	(envelope-from igorr@speechpro.com)
Received: from sysadm.stc ([192.168.2.26])
	by s1.stc with esmtp (Exim 4.44 (FreeBSD))
	id 1Drqwx-0000DJ-C8; Mon, 11 Jul 2005 09:35:27 +0400
Message-ID: <42D2050A.2060903@speechpro.com>
Date: Mon, 11 Jul 2005 09:35:06 +0400
From: Igor Robul <igorr@speechpro.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050518)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Daniel Auman <dauman@pcsinconline.com>
References: <000201c58404$ec17de50$0500000a@LAPTOP>
In-Reply-To: <000201c58404$ec17de50$0500000a@LAPTOP>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Archived: Yes
Cc: freebsd-questions@freebsd.org
Subject: Re: Logging into FreeBSD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2005 05:35:30 -0000

Daniel Auman wrote:

>Thank you!!! I would have not known about that key combination!
>
>  
>
You just need know, that most Unix interractive tools have such command. 
If you wish give user very restricted environment, then you can write 
simple C program which will chroot user into restricted directory, 
change user id and exec mysql command line client. Then you can make 
this program setuid root (tripple check your program) and make it user 
shell (man chsh).

But better, dont give shell to this untrusted user, and just use some 
WWW frontend for mysql.

>>#!/bin/sh
>>
>>mysql -u "username" -p"password"
>> 
>>
>>    
>>
>User just can do "\! /bin/sh" at mysql prompt and get shell access.
>
>
>
>
>  
>