From owner-freebsd-questions@FreeBSD.ORG Mon Mar 12 22:10:02 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 392A21065670 for ; Mon, 12 Mar 2012 22:10:02 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) by mx1.freebsd.org (Postfix) with ESMTP id E840D8FC18 for ; Mon, 12 Mar 2012 22:10:01 +0000 (UTC) Received: from r56.edvax.de (port-92-195-185-71.dynamic.qsc.de [92.195.185.71]) by mx02.qsc.de (Postfix) with ESMTP id D6FA91E8A8; Mon, 12 Mar 2012 23:10:00 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id q2CMA0fc002125; Mon, 12 Mar 2012 23:10:00 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Mon, 12 Mar 2012 23:10:00 +0100 From: Polytropon To: Steve Bertrand Message-Id: <20120312231000.4bb530e1.freebsd@edvax.de> In-Reply-To: <4F5E6D3A.50302@gmail.com> References: <4F5E4C2A.1020005@tundraware.com> <4F5E6D3A.50302@gmail.com> Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Tim Daneliuk , FreeBSD Mailing List Subject: Re: Editor With NO Shell Access? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2012 22:10:02 -0000 On Mon, 12 Mar 2012 17:40:10 -0400, Steve Bertrand wrote: > You can force a user directly into an editor so they have no shell > access. For example, if the user has '/bin/csh' as their login shell, > adding: > > exec /usr/local/bin/vim > > into their ~/.cshrc file will force them directly into vim. When they > exit vim, they are immediately logged off. Just an idea about extending this idea: What if the shell field for that user does not contain a shell, but the name of the editor instead? I assume it has to be "noted" in /etc/shells to work, but a passwd entry like bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe could work (haven't tested that). A list of the files can be obtained when opening a file ^KE and pressing the Tab key. It would be worth testing if shell escapes like !command will work in this constellation... -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...