Re: Restricted Shells or Menu Based Shells

From: Terrence Martin (twm139@its.to)
Date: 02/22/02


Date: Fri, 22 Feb 2002 10:30:20 -0700 (MST)
From: Terrence Martin <twm139@its.to>
To: focus-linux@securityfocus.com


> Can anyone recommend a good restricted or menu based shell?
>

I got a lot of replies to this post. Thanks everyone.

The solution that I am going for right now is a combination.

1) I am using the flash program for the users that do not require a shell.
I am allowing access to the passwd program only at this point. Flash
provides a very easy to modify menu based interface. It allows you to add
menus, commands, help text and hotkeys. http://www.netsoc.ucd.ie/flash/

2) I am going to install a web based e-mail program. As often as ssh is
allowed from various points on the Internet https is as common. In
addition we allow imaps access to the system so that will give our users
two options for retrieving mail.

3) For users that require additional functionality, or manage a web site I
create a chroot area for them using the jail program. This is done on a
case by case basis, sometimes the chroot jails have only 1 user, and other
times if people are collaborating they are given the same chroot
environment.

I am considering a virtual server scenario as a next tier. This would
allow us to give users the ability to modify their local web server, add
or remove modules and basically have their own "box" without adding to the
floor space requirements or interfering with other users.

Just a little background. Basically this system is a small hosting point
for some of our IT colleagues and close family. The core group is nearly
to the point where we break even on the hosting costs. We consider this a
success milestone.

What I am trying to achieve is a flexible environment that also provides a
reasonable level of security. CIA in CISSP parlance. :)

Thanks for all the suggestions,

Terrence


