From: Joshua Isom
Date: Tue, 13 Mar 2012 01:39:48 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Editor With NO Shell Access?
Message-ID: <4F5EEBB4.1080608@gmail.com>
In-Reply-To: <20120312232300.4da8ebf3.freebsd@edvax.de>

On 3/12/2012 5:23 PM, Polytropon wrote:
> On Mon, 12 Mar 2012 15:19:51 -0700, Edward M. wrote:
>> On 03/12/2012 03:10 PM, Polytropon wrote:
>>> /etc/shells to work, but a passwd entry like
>>>
>>> bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe
>>
>>
>> I think this would not let the user to login, etc
>
> I'm not sure... I assume logging in is handled by /usr/bin/login,
> and control is then (i. e. after successful login) transferred
> to the login shell, which is the program specified in the
> "shell" field (see "man 5 passwd") of /etc/passwd. How is
> login supposed to know if the program specified in this
> field is actually a dialog shell?
>
> From "man 1 login" I read that many shells have a built-in
> login command, but /usr/bin/login is the system's default
> binary for this purpose if the "shell" (quotes deserved if
> it is an editor as shown in my assumption) has no capability
> of performing a login.
>
>
>

Are they logging in from the console or from ssh?
If it's from a console, I'd send them directly into a jail with limited file system access, so that executables don't matter. If it's from ssh, I'd do the same thing. Assume they can break out of the editor or that something will happen. Make it minimalist about what they can do. Use the /rescue/vi in an empty jail with the files available. Don't think about changing editors, change the system.
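
One way to check that a jail root really is "empty" in the sense described above, as an added example that is not part of the original message: the function lists every executable or setuid/setgid regular file under the root that is not on an allowlist. The names audit_jail_root and make_sample_root and the sample directory layout are assumptions made for the illustration.

```sh
#!/bin/sh
# audit_jail_root ROOT [ALLOWED...]
# Lists every regular file under ROOT that is executable or setuid/setgid
# and is not named in ALLOWED (paths relative to ROOT, e.g. rescue/vi).
# Returns 0 if nothing unexpected is found, 1 if something is, 2 on bad input.
audit_jail_root() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    shift
    allow=$(printf '%s\n' "$@")
    extra=$(cd "$root" && find . -type f \( -perm -100 -o -perm -010 \
                -o -perm -001 -o -perm -4000 -o -perm -2000 \) -print |
            sed 's|^\./||' | sort |
            while IFS= read -r f; do
                # Print the path only if it is not an exact allowlist entry.
                printf '%s\n' "$allow" | grep -Fxq -- "$f" || printf '%s\n' "$f"
            done)
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Constructed sample tree (hypothetical layout): the editor, one stray shell,
# one data file and one executable script in the user's directory.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/rescue" "$d/bin" "$d/home/bob"
    : > "$d/rescue/vi";          chmod 555 "$d/rescue/vi"
    : > "$d/bin/sh";             chmod 755 "$d/bin/sh"
    : > "$d/home/bob/notes.txt"; chmod 644 "$d/home/bob/notes.txt"
    : > "$d/home/bob/run.sh";    chmod 755 "$d/home/bob/run.sh"
    printf '%s\n' "$d"
}

# Demo on the constructed tree: only rescue/vi is expected to be executable.
sample=$(make_sample_root)
echo "unexpected executables under $sample:"
audit_jail_root "$sample" rescue/vi || true
rm -rf "$sample"
```

The check covers regular files only; symbolic links and the mount options of the jail's file systems need a separate look.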