On February 28, 2002 08:45 am, you wrote: > > Well, as others have pointed out, restricted shells in general aren't > so hard to work around. I think the assumption here has to be that > either a) you're going to do lots of othe things to help lock down the > system, or b) the users in question aren't terribly skilled.
In addition, by making it nontrivial to work around, you completely remove the evasion of "oh, I didn't know I was doing that", or "it was an accident". If it's difficult to do, it had to be intentional, and the person can then be brought up for violating the usage policies.
