Date: Mon, 12 Mar 2012 17:40:10 -0400 From: Steve Bertrand <steve.bertrand@gmail.com> To: Tim Daneliuk <tundra@tundraware.com> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: Editor With NO Shell Access? Message-ID: <4F5E6D3A.50302@gmail.com> In-Reply-To: <4F5E4C2A.1020005@tundraware.com> References: <4F5E4C2A.1020005@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2012-03-12 15:19, Tim Daneliuk wrote: > I have a situation where I need to provide people with the ability to edit > files. However, under no circumstances do I want them to be able to exit > to the shell. The client in question has strong (and unyielding) InfoSec > requirements in this regard. > > So ... are there editors without this feature? Can I compile something like > joe or vi to inhibit this feature? I don't know if this will help, but it may provide an idea that could spark something further. You can force a user directly into an editor so they have no shell access. For example, if the user has '/bin/csh' as their login shell, adding: exec /usr/local/bin/vim into their ~/.cshrc file will force them directly into vim. When they exit vim, they are immediately logged off. However, I don't believe this will provide them any way to see their files though. vim's ":open filename" and ":w filename" still work, but shell commands (eg ":! ls -la") don't. Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F5E6D3A.50302>