From: Rik Farrow
Date: Thu, 2 Jan 2025 11:13:22 -0700
To: chet.ramey@case.edu
CC: Douglas McIlroy, The Eunuchs Hysterical Society
Subject: [TUHS] Re: "Webster's Second on the Head of a Pin"?
List-Id: The Unix Heritage Society mailing list

On Thu, Jan 2, 2025 at 7:23 AM Chet Ramey wrote:

> On 1/1/25 1:11 PM, Rik Farrow wrote:
> > For example, the 3B2 I
> > administered for a while in the late 80s had multiple accounts with rsh,
> > the restricted shell, as the login shell. That was okay, unless you used su
> > and then had access to a root shell.
>
> That's an administrator problem. Part of setting up a restricted shell
> environment is creating a directory of necessary binaries and setting
> PATH appropriately.

Each of these special accounts did have a home directory with a .profile to set up the restricted environment, then run a shell script to perform some task as root. For example, logging in as 'backup' would run /user/backup/.profile and allow a non-privileged user to run a backup script as root.

But typing "su backup" produced a root-owner shell without restrictions. You need to type "su - " to run the account's .profile script.

Rik
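The behaviour described in the message above, as an added example that is not part of the original post: a restricted PATH that is configured only in .profile is applied by a login shell (the "su -" case) and skipped by a non-login shell (the plain "su" case). The temporary home directory and the function names are constructed for the demonstration, and it assumes the available shell accepts `-l`.

```shell
#!/bin/sh
# Added illustration (constructed account layout, not from the original post).
# A throwaway directory plays the home of a task account such as 'backup'.
demo_home=$(mktemp -d)
trap 'rm -rf "$demo_home"' EXIT
mkdir "$demo_home/bin"      # the "directory of necessary binaries" (empty here)

# The restriction lives only in .profile: PATH is narrowed to $HOME/bin.
cat > "$demo_home/.profile" <<'EOF'
PATH=$HOME/bin
export PATH
EOF

# Use bash if present, otherwise sh. Assumption: the shell accepts -l
# (bash and dash do, although POSIX does not require it).
demo_shell=$(command -v bash || command -v sh)

# path_is_restricted MODE
#   login    : start a login shell, as a real login or "su - account" does
#   nonlogin : start an ordinary shell, as plain "su account" does
# Returns 0 if the shell ends up with PATH narrowed to $HOME/bin.
path_is_restricted() {
    case $1 in
        login)    flag=-l ;;
        nonlogin) flag= ;;
        *)        return 2 ;;
    esac
    # env -i gives both shells the same clean starting environment.
    env -i HOME="$demo_home" PATH=/usr/bin:/bin \
        "$demo_shell" $flag -c '[ "$PATH" = "$HOME/bin" ]'
}

report() {
    if path_is_restricted "$1"; then
        echo "$1 shell: .profile ran, PATH restricted to \$HOME/bin"
    else
        echo "$1 shell: .profile skipped, PATH left as inherited"
    fi
}

report login
report nonlogin
```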