Re: Restricted Shells or Menu Based Shells

From: Dano (dano@phink.org)
Date: 02/22/02


Date: Fri, 22 Feb 2002 10:40:59 -0500 (EST)
From: Dano <dano@phink.org>
To: Terrence Martin <twm139@its.to>


On Wed, 20 Feb 2002, Terrence Martin wrote:

> Can anyone recommend a good restricted or menu based shell?
>
> What I am looking for is a shell that will allow users to run a small set
> of commands. For example
>
> pine for reading mail
> passwd for changing their password
> a .forward script (custome most likely) to set a new .forward.
>
> Anyone have anything they like to use? I know pine is a bit of a hassle as
> it can be used to run external commands, so I might skip that one, but
> definitely the passwd and .forward script editor.

We ended up using pdmenu (http://www.kitenet.net/programs/pdmenu/) to
create a menu based interface for the end users. They have accounts on a
Linux box with their shells listed as a script that builds the rc file for
pdmenu and then runs it. If you trap the errors and don't allow input
(the edit menu option has a bug that allows you to enter a ; and then
execute any command) its fairly secure and difficult to get a shell.
 
And with pine you can always edit to source to remove the shell option.

--Dano