Editor With NO Shell Access?

Steve Bertrand steve.bertrand at gmail.com
Mon Mar 12 21:40:18 UTC 2012


On 2012-03-12 15:19, Tim Daneliuk wrote:
> I have a situation where I need to provide people with the ability to edit
> files. However, under no circumstances do I want them to be able to exit
> to the shell. The client in question has strong (and unyielding) InfoSec
> requirements in this regard.
>
> So ... are there editors without this feature? Can I compile something like
> joe or vi to inhibit this feature?

I don't know if this will help, but it may provide an idea that could 
spark something further.

You can force a user directly into an editor so they have no shell 
access. For example, if the user has '/bin/csh' as their login shell, 
adding:

exec /usr/local/bin/vim

into their ~/.cshrc file will force them directly into vim. When they 
exit vim, they are immediately logged off.

However, I don't believe this will provide them any way to see their 
files though.

vim's ":open filename" and ":w filename" still work, but shell commands 
(e.g. ":! ls -la") don't.

Steve
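
An added example, not part of the message above or of the list thread: a POSIX sh check for the forced-editor setup it describes. Since ":w filename" still works inside the editor, the restriction holds only while the account cannot rewrite its own ~/.cshrc. The function names, the LOGIN argument and the ~/.tcshrc check (which assumes /bin/csh is tcsh, as on FreeBSD) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a csh account that is forced into an editor via ~/.cshrc.
# Usage: audit_forced_editor HOME_DIR LOGIN [EDITOR_PATH]
# Prints one line per finding; the return status is the number of findings.

# True if the path is owned by LOGIN or is group/other writable (conservative).
user_can_modify() {
    ls -ld "$1" | awk -v u="$2" '{
        exit !($3 == u || substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w")
    }'
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_forced_editor() {
    home=$1; login=$2; editor=${3:-/usr/local/bin/vim}
    rc="$home/.cshrc"; findings=0

    if [ ! -f "$rc" ]; then
        note "$rc is missing, login gets a normal shell"
        return "$findings"
    fi
    # The exec line must be present, ignoring surrounding whitespace.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$rc" |
        grep -Fxq "exec $editor" || note "$rc has no 'exec $editor' line"
    # Assumption: /bin/csh is tcsh, which reads ~/.tcshrc instead of ~/.cshrc.
    if [ -e "$home/.tcshrc" ]; then
        note "$home/.tcshrc exists and would be read instead of .cshrc"
    fi
    # Write access to the file, or to the directory holding it, lets the
    # account replace the startup file from inside the editor.
    for p in "$home" "$rc"; do
        if user_can_modify "$p" "$login"; then
            note "$p can be modified by $login"
        fi
    done
    return "$findings"
}

if [ $# -ge 2 ]; then audit_forced_editor "$@"; fi
```

A status of 0 means no findings. The group/other-writable test is deliberately conservative and does not check group membership.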


