Re: Two Classes Of Users

Colin Ryan (drop@lglobal.com)
Sat, 17 May 1997 16:05:43 -0400 (EDT)

On Sat, 17 May 1997, Pete Holsberg wrote:

> On Sat, 17 May 1997, Edward S. Marshall wrote:
>
> > On Fri, 16 May 1997, Pete Holsberg wrote:
> > > I will have two classes of users: one that is permitted
> > > to use PPP or shell account, and another that is
> > > restricted to shell account only (actually, their shell
> > > will be the "pine" email program). If necessary, the
> > > accounts for the latter could be on a different machine
> > > from those of the former.
> >
> > This is completely unrelated to your question or
> > Livingston products, but I just thought I'd point out
> > that if your purpose of giving your users a shell of
> > "pine" is intended to secure these users against full
> > shell access, you're in for a nasty surprise. It takes
> > very little effort (you only need to barely know what
> > you're doing) to get directly to shell from within Pine.
> >
> > A nifty thought, however, would be to modify pine to
> > chroot to the user's home directory, and have their mail
> > delivered to a mailbox in the home directory (as with
> > qmail, for instance). Can anyone see why that wouldn't
> > work, offhand? (i.e. you could probably make it to some
> > semblance of a shell prompt, but you wouldn't be able to
> > do much...)
>
> Thanks, Ed, but what I envision is no shell prompt and
> /usr/local/bin/pine as the shell itself.

Yes, of course, but what Ed was saying is that it's trivial to
spawn a shell or named pipe from standard configurations of pine.

>
> Pete
>
>

-------------------------------\\|!|//--------------------------------
| Colin P. Ryan \!/ Building Strategies and |
| Local GlobalAccess Inc Solutions for Internets |
| 320 1/2 Bloor St. W. Toronto. ON and Intranets |
| e:drop@lglobal.com Phone: (416)515-7400 |
----------------------------------------------------------------------
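
The chroot idea raised in the thread, sketched as an added example that is not part of the original messages: a small setuid-root login wrapper rather than a change to pine itself. The jail layout (a copy of pine and its libraries at /bin/pine inside the user's home directory) and the function name confine_and_drop are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the process to `jail`, then permanently drop to uid/gid.
 * Returns 0 on success, -1 on any failure (the caller must then exit). */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)      /* a root process can leave a chroot */
        return -1;
    if (chroot(jail) != 0)         /* needs root, so it comes first */
        return -1;
    if (chdir("/") != 0)           /* otherwise the cwd stays outside the jail */
        return -1;
    if (setgroups(0, NULL) != 0)   /* clear supplementary groups */
        return -1;
    if (setgid(gid) != 0)          /* group before user; impossible after setuid */
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)            /* must fail now, or the drop was not permanent */
        return -1;
    return 0;
}

int main(void)
{
    /* Assumption: installed setuid-root as the login shell, so the real
     * uid/gid are the user's. Look the account up before the chroot,
     * while /etc/passwd is still visible. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL)
        return 1;
    if (confine_and_drop(pw->pw_dir, getuid(), getgid()) != 0) {
        fprintf(stderr, "could not confine session\n");
        return 1;
    }
    /* Constructed minimal environment; the path is relative to the jail. */
    char *const envp[] = { "HOME=/", "PATH=/bin", "TERM=vt100", NULL };
    execle("/bin/pine", "pine", (char *)NULL, envp);
    perror("execle");
    return 1;
}
```

A shell reached from inside pine would then see only what was copied into the jail, so the jail should hold no setuid binaries or device nodes.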