We were just play around in IRC and I ran across this nice link. Sharing is fundamental to OpenSources, so here it is...
Jon ==== http://www.unix.org.ua/orelly/networking/puis/ch08_01.htm Note: rsh is NOT "remote shell" at least not in this context. 8.1.4.5 How to set up a restricted account with rsh To set up a restricted account that uses rsh, you must: * Create a special directory containing only the programs that the restricted shell can run. * Create a special user account that has the restricted shell as its login shell. NOTE: The setup we show in the following example is not entirely safe, as we explain later in this chapter. For example, to set up a restricted shell that lets guests play rogue and hack, and use the talk program, first create a user called player that has /bin/rsh as its shell and /usr/rsh/home as its home directory: player::100:100:The Games Guest user:/usr/rshhome:/bin/rsh Next, create a directory for only the programs you want the guest to use, and fill the directory with the appropriate links: # mkdir /usr/rshhome /usr/rshhome/bin # ln /usr/games/hack /usr/rshhome/bin/hack # ln /usr/games/rogue /usr/rshhome/bin/rogue # ln /usr/bin/talk /usr/rshhome/bin/talk # chmod 555 /usr/rshhome/bin # chmod 555 /usr/rshhome Finally, create a .profile for the player user that sets the PATH environment variable and prints some instructions: # cat > /usr/rshhome/.profile /bin/echo This guest account is only for the use of authorized guests. /bin/echo You can run the following programs: /bin/echo rogue A role playing game /bin/echo hack A better role playing game /bin/echo talk A program to talk with other people. /bin/echo /bin/echo Type "logout" to log out. PATH=/usr/rshhome/bin SHELL=/bin/rsh export PATH SHELL ^D # chmod 444 /usr/rshhome/.profile # chown player /usr/rshhome/.profile # chmod 500 /usr/rshhome -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
