Date: Tue, 13 Mar 2012 01:39:48 -0500
From: Joshua Isom <jrisom@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Editor With NO Shell Access?
Message-ID: <4F5EEBB4.1080608@gmail.com>
In-Reply-To: <20120312232300.4da8ebf3.freebsd@edvax.de>
References: <4F5E4C2A.1020005@tundraware.com> <4F5E6D3A.50302@gmail.com> <20120312231000.4bb530e1.freebsd@edvax.de> <4F5E7687.5070808@gmail.com> <20120312232300.4da8ebf3.freebsd@edvax.de>

On 3/12/2012 5:23 PM, Polytropon wrote:
> On Mon, 12 Mar 2012 15:19:51 -0700, Edward M. wrote:
>> On 03/12/2012 03:10 PM, Polytropon wrote:
>>> /etc/shells to work, but a passwd entry like
>>>
>>>     bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe
>>
>> I think this would not let the user to login, etc
>
> I'm not sure... I assume logging in is handled by /usr/bin/login,
> and control is then (i. e. after successful login) transferred
> to the login shell, which is the program specified in the
> "shell" field (see "man 5 passwd") of /etc/passwd. How is
> login supposed to know if the program specified in this
> field is actually a dialog shell?
>
> From "man 1 login" I read that many shells have a built-in
> login command, but /usr/bin/login is the system's default
> binary for this purpose if the "shell" (quotes deserved if
> it is an editor as shown in my assumption) has no capability
> of performing a login.

Are they logging in from the console or from ssh? If it's from a console, I'd send them directly into a jail with limited file system access, so that executables don't matter. If it's from ssh, I'd do the same thing. Assume they can break out of the editor or that something will happen. Make it minimalist about what they can do. Use the /rescue/vi in an empty jail with the files available. Don't think about changing editors, change the system.
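
Added example, not part of the original message or the thread: a POSIX sh sketch of the "empty jail with the files available" idea, which builds a root holding only one editor binary plus the files to edit and then audits that nothing else in it is executable. The function names, the /jails/edit path, the jail name and the user bob in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and paths are assumptions.

# build_editor_root ROOT EDITOR FILE...
# Populate ROOT with exactly one editor binary and the files to be edited.
build_editor_root() {
    root=$1; editor=$2; shift 2
    # Refuse to reuse a populated directory: leftovers defeat "empty".
    if [ -d "$root" ] && [ -n "$(ls -A "$root")" ]; then
        echo "refusing: $root is not empty" >&2
        return 1
    fi
    mkdir -p "$root/data" || return 1
    # The editor should be statically linked (as /rescue/vi is), so no
    # shared libraries have to be copied into the root.
    cp "$editor" "$root/vi" || return 1
    chmod 0555 "$root/vi"
    for f in "$@"; do
        cp "$f" "$root/data/" || return 1
        # Data files must never carry an execute bit.
        chmod a-x "$root/data/$(basename "$f")"
    done
}

# audit_editor_root ROOT
# Print anything that breaks the "nothing to run" assumption: regular files
# other than the editor with an execute bit, and any entry that is neither a
# regular file nor a directory (symlink, device node, socket, fifo).
audit_editor_root() {
    root=$1
    find "$root" ! -path "$root/vi" \( \
        \( -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \) \
        -o \( ! -type f ! -type d \) \) -print
}

# On the FreeBSD host, as root (not run here):
#   build_editor_root /jails/edit /rescue/vi /home/bob/notes.txt
#   audit_editor_root /jails/edit     # expect no output before starting
#   jail -u bob -c name=edit path=/jails/edit command=/vi /data/notes.txt
```

Re-running the audit after each session shows whether a user who escaped the editor managed to leave anything executable behind.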
