https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724969#M753109 Perhaps I'm looking at this the wrong way. Is there a way to allow read access to the entire system, but not to change anything? Thu, 16 May 2002 14:45:53 GMT A. Daniel King_1 2002-05-16T14:45:53Z https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724965#M753105 Does anyone here know of an alternative to osh - the operator shell? It is similar to sudo, but it allows access as a shell. It seems that this project died some time back, but the concept has some value.<BR /><BR /><A href="http://www.engarde.com/~mcn/osh.html" target="_blank">http://www.engarde.com/~mcn/osh.html</A><BR /><BR />I've tried subbing to the mailing list (dead), and I was wondering if anyone here had tried this under HP-UX 11.0. I've got it compiled using gcc 3.0.4, but it seems a bit buggy - even after specifying commands in the allowed-execution table, the commands remain unavailable.<BR /><BR />$./osh <BR />A. Daniel King (dking)<BR />Operator Shell version 1.7<BR />myhost.dking (/usr/local/src/osh) #&gt; ls<BR />/bin/sh: /usr/bin/ls: Execute permission denied.<BR /><BR />table:<BR />dking<BR />{<BR />ls /usr/bin/ls<BR />exit NULL<BR />}<BR /><BR />It would be great if there were a way to allow roaming, shell-type access to our system - without the ability to destroy things. Is there an alternative? A fix? An active user community? Wed, 15 May 2002 21:50:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724965#M753105 A. Daniel King_1 2002-05-15T21:50:38Z https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724966#M753106 Hi,<BR />I had a look at this some time ago ... but I'm afraid the project is dead :-(. The alternative is creating a "chrooted" (jail) environment yourself, but that is VERY timeconsuming (in my opinion). In our environment we use a very strict sudo (specific commands for specific users) ... which is (again in my opinion) the best "low cost / low effort / best results"-solution.<BR /><BR />Regards,<BR />Tom<BR /> Thu, 16 May 2002 03:39:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724966#M753106 Tom Geudens 2002-05-16T03:39:48Z https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724967#M753107 Hi<BR /><BR />Look at<BR /><BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Shells/osh-1.7/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Shells/osh-1.7/</A><BR /><BR /><BR />Get there by<BR /><A href="http://www.software.hp.com" target="_blank">www.software.hp.com</A><BR />public domain software<BR />search on osh<BR /><BR /><BR /> Steve steel Thu, 16 May 2002 06:09:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724967#M753107 Steve Steel 2002-05-16T06:09:55Z https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724968#M753108 I've got sudo up and going - it works well.<BR /><BR />However, osh would provide the ability to do something like:<BR /><BR />&gt;cd /home/dking<BR />&gt;ls<BR /><BR />I can get the cd to work, but the ls is dying. I've been looking at the code, and I think the issue has something to do with the way execv() is called.<BR /><BR />Perhaps there are some further examples of the access/execute table - specifically for HP-UX?<BR /><BR />Or perhaps there exists a shell-type wrapper for sudo? Thu, 16 May 2002 13:45:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724968#M753108 A. Daniel King_1 2002-05-16T13:45:43Z https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724969#M753109 Perhaps I'm looking at this the wrong way. Is there a way to allow read access to the entire system, but not to change anything? Thu, 16 May 2002 14:45:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/osh-the-operator-shell/m-p/2724969#M753109 A. Daniel King_1 2002-05-16T14:45:53Z