Editor With NO Shell Access?
steve.bertrand at gmail.com
Mon Mar 12 21:40:18 UTC 2012
On 2012-03-12 15:19, Tim Daneliuk wrote:
> I have a situation where I need to provide people with the ability to edit
> files. However, under no circumstances do I want them to be able to exit
> to the shell. The client in question has strong (and unyielding) InfoSec
> requirements in this regard.
> So ... are there editors without this feature? Can I compile something like
> joe or vi to inhibit this feature?
I don't know if this will help, but it may provide an idea that could
spark something further.
You can force a user directly into an editor so they have no shell
access. For example, if the user has '/bin/csh' as their login shell,
into their ~/.cshrc file will force them directly into vim. When they
exit vim, they are immediately logged off.
However, I don't believe this will provide them any way to see their
vim's ":open filename" and ":w filename" still work, but shell commands
(eg ":! ls -la") don't.
More information about the freebsd-questions