> On Fri, 16 May 1997, Pete Holsberg wrote:
> > I will have two classes of users: one that is permitted
> > to use PPP or shell account, and another that is
> > restricted to shell account only (actually, their shell
> > will be the "pine" email program). If necessary, the
> > accounts for the latter could be on a different machine
> > from those of the former.
>
> This is completely unrelated to your question or
> Livingston products, but I just thought I'd point out
> that if your purpose of giving your users a shell of
> "pine" is intended to secure these users against full
> shell access, you're in for a nasty surprise. It takes
> very little effort (you only need to barely know what
> you're doing) to get directly to shell from within Pine.
>
> A nifty thought, however, would be to modify pine to
> chroot to the user's home directory, and have their mail
> delivered to a mailbox in the home directory (as with
> qmail, for instance). Can anyone see why that wouldn't
> work, offhand? (ie. you could probably make it to some
> semblance of a shell prompt, but you wouldn't be able to
> do much...)
Thanks, Ed, but what I envision is no shell prompt and
/usr/local/bin/pine as the shell itself.
Pete