-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At some point hitherto, Jerry Feldman hath spake thusly: > Does anyone know of a text based menu system for Linux. (Actually, there > used to be many years ago a shell called vsh, but I have not seen that > around for 20 years). > > I certainly can write one in Perl for this particular user, but I'd rather > take something that exists and customize it rather than spend the time > writing it myself. (My initial response to him is to give him a short list > of Linux commands). I don't know of any such thing, but I do want to issue a word of caution: Be aware that if your user is clueful, it's virtually impossible to write a restricted shell that actually restricts the user to only those commands. (I suspect that the reason you want such a thing is because your user is NOT clueful, but I'll continue my thoughts under the assumption that I'm wrong.) For a restricted shell to be successful, you must not allow the user access to any commands that can be used to get a shell. So for example, most editors are out. You must also not allow the user to be able to modify their environment, so now the rest of your editors are out, and you also need to make their home directory read-only. A partial discussion as to why this is the case is here: http://www.pizzashack.org/rssh/security.html The attack that I describe here is far from the only one. A user might also be able to modify their environment by changing the PATH variable, potentially causing an arbitrary program to be run, in the event that some program they can run is not specified by full path, or is a script which contains commands that are not fully specified. Etc. - -- Derek Martin ddm@pizzashack.org - --------------------------------------------- I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9fNJXdjdlQoHP510RAisnAJ9DAVyFMhszvYR9vrLfQOgZIKz9kQCgvUsU TT5OiViKla9scZPEWhoQv/s= =n9eY -----END PGP SIGNATURE-----