topic Re: rksh in Operating System - HP-UX

rksh

Frank417 — Mon, 05 Nov 2001 22:24:30 GMT

Re: rksh

Joseph C. Denman — Mon, 05 Nov 2001 22:27:56 GMT

????? restricted korn shell

...jcd...

Re: rksh

Frank417 — Mon, 05 Nov 2001 22:30:13 GMT

tricky interface..

I'm trying to add 1 user and lock then down to a shell in a specific directory on HP-UX 11.00. rksh/rsh would work great in my case except they disable the use of cd. This directory has sub-directories which I would like to give them access to. I attempted to use chroot, but that won't work because of dld dependencies. Any ideas ?

Re: rksh

Michael Tully — Mon, 05 Nov 2001 23:12:37 GMT

What about setting up samba? Or do they actually have to use the Unix system?

-Michael

Re: rksh

Frank417 — Mon, 05 Nov 2001 23:22:46 GMT

they need to run various programs on the system.

Re: rksh

Marco Paganini — Tue, 06 Nov 2001 00:17:01 GMT

You need a chroot jailed environment. Problem is: When you do that, your user is absolutely 'locked out' of the rest of the unix box. This means you have to replicate a lot of the original box (you can do it with hardlinks) to allow him/her to make something useful.

There's also a project called "The Jail Chroot Project" that allows you to run a shell in a chroot'ed environment. Be aware though, that this is a Linux/Solaris/FreeBSD project. The author says it's goal is to be portable, so you may want to take a look at it and see if it's not so hard to customize for HP-UX.

Regards,
Paga

Re: rksh

Marco Paganini — Tue, 06 Nov 2001 00:18:42 GMT

As it couldn't be different, I forgot to post the URL. Here it goes:

Jail Chroot Project
http://www.gsyc.inf.uc3m.es/~assman/jail/

Re: rksh

Frank Slootweg — Tue, 06 Nov 2001 12:57:46 GMT

Re:

> I'm trying to add 1 user and lock then down
> to a shell in a specific directory on HP-UX
> 11.00. rksh/rsh would work great in my case
> except they disable the use of cd. This
> directory has sub-directories which I would
> like to give them access to.

With rksh/rsh they still have *access* to the subdirectories and the files in them, they 'just' can not *cd* to them.

Re: A chroot(2)-ed environment. That is possible, but the documentation supplied with HP-UX has very limited information on it. Basically all is this part from the login(1) manual page:

[start quote:]
If the command name field is *, a chroot() to the directory named in
the directory field of the entry is performed. At that point login is
re-executed at the new level which must have its own root structure,
including a /usr/bin/login command and an /etc/passwd file.
[end quote.]

That information is both correct and (at least implicitly) complete, but you will have to read/interpret it very carefully to understand the full implications.

However reading your requirements, I think that a chroot()-ed environment is an overkill.