From owner-freebsd-questions@FreeBSD.ORG  Tue Jul  8 10:31:12 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B3288106567A
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Jul 2008 10:31:12 +0000 (UTC) (envelope-from dez@accid.net)
Received: from postville.darq.net (postville.darq.net [82.136.41.65])
	by mx1.freebsd.org (Postfix) with ESMTP id 731DE8FC17
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Jul 2008 10:31:12 +0000 (UTC) (envelope-from dez@accid.net)
Received: from localhost (postville.darq.net [82.136.41.65])
	by postville.darq.net (Postfix) with ESMTP id 39F9E3153FBE
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Jul 2008 11:31:11 +0100 (BST)
X-Virus-Scanned: amavisd-new at darq.net
Received: from postville.darq.net ([82.136.41.65])
	by localhost (postville.darq.net [82.136.41.65]) (amavisd-new,
	port 10024)
	with ESMTP id 92gI3t04ZUyE for <freebsd-questions@freebsd.org>;
	Tue,  8 Jul 2008 11:31:06 +0100 (BST)
Received: from troop.darq.net (78-105-7-89.zone3.bethere.co.uk [78.105.7.89])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: dez@accid.net)
	by postville.darq.net (Postfix) with ESMTPSA id 8AEC13153FE4
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Jul 2008 11:31:06 +0100 (BST)
Message-ID: <487341E8.9050203@accid.net>
Date: Tue, 08 Jul 2008 11:31:04 +0100
From: Dez Accid <dez@accid.net>
User-Agent: Thunderbird 2.0.0.14 (X11/20080612)
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <50744.217.114.136.134.1215506711.squirrel@mail.dsa.es>
In-Reply-To: <50744.217.114.136.134.1215506711.squirrel@mail.dsa.es>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: How to disable that an user execute any command
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2008 10:31:12 -0000

DSA - JCR wrote:
> I want to make an user for the only task of remove/insert the usb copy disk.
>
> I have made a new user (operator group), and a shell task that ask for the
> GELI password and fsck and mount the USB disk. This work fine under root.
>
> but I think that if he/she want to make CTRL-C to the shell task, he can
> stop the task and then enter in the system and look whatever he wants (for
> example, how the things are done).
>
> How can I stop him from entering this CTRL-C (and others than could be) ?

If I understand your question correctly, you want to prevent an 
interactive user running a shell script from breaking out of it via 
CTRL-C and entering the shell directly.

In that case, you can achieve this functionality in your shell script 
with the use of trap command.

E.g. this line will print "Ignoring CTRL-C" on CTRL-C keypress which 
generates an INT (number 2) signal:

trap "echo 'Ignoring INT signal'" 2

This page http://www.shelldorado.com/goodcoding/tempfiles.html describes 
the shell signals quite well, you may want to give it a read.

Thanks!

-- 
Dez Accid