Date: Sat, 1 Jan 2000 12:54:18 -0500 (EST) From: Jim Sander <jim@federation.addy.com> Cc: freebsd-isp@FreeBSD.ORG Subject: RE: MUA as shell for mail-only accounts? Message-ID: <Pine.BSF.4.10.10001011231520.28717-100000@federation.addy.com> In-Reply-To: <XFMail.991230072810.andrews@TECHNOLOGIST.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
We have several hundred "email-only" accounts with pine as their login shell. The problem is that pine is a really powerfull mail tool that allows all sorts of "dangerous" things. I set up pine.conf.fixed (in /usr/local/etc if you install from the port) to disallow certain things, and hard-coded other options... No suspend, no custom print, no pipe, alternate speller locked to /usr/local/bin/ispell, alternate editor locked to vi- with the option to disallow subshells. I also set "user home dir" to marginally protect non-user files from them. There are probably a few other things too- basically I went through the list of tricks I've used or seen used to get "real" shells on systems with non-standard ones (freenets do this a lot) and either fixed or disabled the option. The problem with this is that "normal" users (well, mainly me) who wanted to use all the fancy features of pine couldn't. So what I did recently was make a slight alteration to the port's makefile to create "rpine" - basically all I did was change the location/name of the pine.conf.fixed file so that I could have two pine binaries. One "plain " and one "restricted" - it took me about 30 minutes of studying the port and setting up the rpine.conf.fixed My goal was to prevent users from executing arbitrary binaries on the system, but still allow creation of files in their home directories. If you want to restrict them further it wouldn't be terribly difficult. Maybe we can all compare notes sometime? A better way to do this might be to set up monitoring processes in cron to use sockstat or process accounting, or something else to find users running processes they shouldn't. I'll probably set up something to look for "email only" users running anything but pine- can't be that hard. This hypothetical process can either summarily terminate them (and maybe lock the account) or simply make a note of it somehow for future action. If anyone needs the exact formula for making "rpine" I can probably describe it when I get to the office on Monday. Or is it Tuesday- guess I ought to find out soon. :) -=Jim=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001011231520.28717-100000>