On Thu, Apr 23, 2009 at 7:57 AM, J. Bakshi <bakshi12@xxxxxxxxx> wrote: > On Wed, 22 Apr 2009 11:21:06 -0600 > Benny Helms <benny@xxxxxxxxxx> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> You always have the option of changing their login shell to >> '/bin/bash -s' which locks them in. Unfortunately, it also takes >> away their access to things like, 'ls' and 'cp' and 'vi', etc., >> unless you include copies in their home folder. >> >> You also need to remember that some apps like 'vim' will allow a user >> a shell escape which can break the limits you set. Make sure to give >> them access only to the secure version. For 'vim' that would be >> 'rvim'. > > thanks a lot for the rvim tip. > I am grateful to you to make me aware that vim allows shell access. A lot of utilities allow shell access. more less vi nvi vim emacs nano pico awk ... If you have perl access, you have fork/exec access. uploading your own binaries that fork/exec... general shell access is not easy to do securely. chroot is basically your only choice. -- And, did Galoka think the Ulus were too ugly to save? -Centauri