On 03/13/2012 01:39 AM, Joshua Isom wrote:
On 3/12/2012 5:23 PM, Polytropon wrote:
On Mon, 12 Mar 2012 15:19:51 -0700, Edward M. wrote:
On 03/12/2012 03:10 PM, Polytropon wrote:
/etc/shells to work, but a passwd entry like

bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe


I think this would not let the user log in, etc.

I'm not sure... I assume logging in is handled by /usr/bin/login,
and control is then (i. e. after successful login) transferred
to the login shell, which is the program specified in the
"shell" field (see "man 5 passwd") of /etc/passwd. How is
login supposed to know if the program specified in this
field is actually a dialog shell?

From "man 1 login" I read that many shells have a built-in
login command, but /usr/bin/login is the system's default
binary for this purpose if the "shell" (quotes deserved if
it is an editor as shown in my assumption) has no capability
of performing a login.




Are they logging in from the console or from ssh? If it's from a console, I'd 
send them directly into a jail with limited file system access, so that 
executables don't matter. If it's from ssh, I'd do the same thing.

Assume they can break out of the editor or that something will happen. Make it 
minimalist about what they can do. Use the /rescue/vi in an empty jail with the 
files available. Don't think about changing editors, change the system.

That's a really good idea, but we're talking about almost 1000 systems
here.  That's a whole bunch of configuration...

--
----------------------------------------------------------------------------
Tim Daneliuk     tun...@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
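
Added example, not part of the thread: a POSIX sh audit that reads a passwd(5)-format file and a shells(5)-format file and reports accounts whose login program is an editor or is missing from the shells file. The function names, the editor name list and the sample files are assumptions constructed for illustration; only the bob entry is taken from the message above.

```shell
#!/bin/sh
# audit_login_shells PASSWD_FILE SHELLS_FILE
# Prints "user<TAB>program<TAB>finding" for every account whose login
# program is an editor, or is not listed in the shells file.
audit_login_shells() {
    awk -F: -v shells_file="$2" '
    BEGIN {
        # shells(5): one absolute path per line, "#" starts a comment
        while ((getline line < shells_file) > 0) {
            sub(/#.*/, "", line)
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line != "") listed[line] = 1
        }
        close(shells_file)
        # Assumption: short, non-exhaustive list of editor program names
        split("vi ex vim nvi joe emacs", e, " ")
        for (i in e) editor[e[i]] = 1
    }
    /^#/ || NF < 7 { next }
    {
        user = $1; shell = $NF               # shell is the last field
        if (shell == "") shell = "/bin/sh"   # passwd(5): empty means /bin/sh
        n = split(shell, parts, "/"); base = parts[n]
        if (base == "nologin") next          # account cannot log in at all
        if (base in editor) print user "\t" shell "\teditor-as-shell"
        else if (!(shell in listed)) print user "\t" shell "\tnot-in-shells"
    }' "$1"
}

demo_audit() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample data; the bob line is the entry quoted in the thread
    cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
bob:*:1234:1234:Two-loop-Bob:/home/bob:/usr/local/bin/joe
alice:*:1235:1235:Alice:/home/alice:/usr/local/bin/menu
EOF
    cat > "$tmp/shells" <<'EOF'
# constructed shells(5) sample
/bin/sh
/bin/csh
/usr/local/bin/joe
EOF
    audit_login_shells "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}
demo_audit
```

The bob entry is reported even though the sample shells file lists joe, because the editor check runs before the shells lookup.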
