On Thu, Jan 12, 2012 at 12:26 PM, Sarnath K - ERS, HCLTech <k_sarn...@hcl.com> wrote:
> Hello Jonathan,
>
> Thanks for your inputs. I was able to create a super-restricted login.
> Here are a few things that I learnt during this process:
>
> 1. "vim" has a restricted mode called "rvim (or) vim -Z". This way, I can
> restrict the user from running shell commands from vim and peep into the
> Filesystem
>    a) CAVEAT: "vim" allows the user to "read" and "write" files in the
>    file-system provided the user _knows_ the path (or guesses some file path)
>    b) So, to make it foolproof, I had to go with "nano" editor
>    - which supports a restricted mode that does not allow the user to
>    edit any other file than the one specified in the command line

Can't you read a file with: echo "$(< pathtofile)"?

I never really tried, but I'd probably look into things like chroot (or
even a vm) to provide something really restricted.
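
The question raised in the reply can be checked directly. The script below is an added example, not part of the thread: it runs each read method inside restricted bash (`bash -r`) with a PATH that contains no commands and reports which ones still return the file's content. It assumes bash is installed; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Checks which read paths survive in
# restricted bash (bash -r) when PATH holds no commands at all.

BASH_BIN=$(command -v bash || echo bash)   # assumption: bash is installed

# Run snippet $1 in restricted bash with an empty environment; $2 = file path.
in_rbash() {
    env -i PATH=/nonexistent "$BASH_BIN" -r -c "$1" _ "$2" 2>/dev/null
}

# External command by path: refused, '/' in command names is restricted.
try_cat_path() { in_rbash '/bin/cat "$1"' "$1"; }

# External command by name: nothing to find on the empty PATH.
try_cat_name() { in_rbash 'cat "$1"' "$1"; }

# The one-liner from the reply: input redirection, no external command.
try_redirect() { in_rbash 'echo "$(< "$1")"' "$1"; }

# Same idea with the read builtin.
try_read() {
    in_rbash 'while IFS= read -r l; do printf "%s\n" "$l"; done < "$1"' "$1"
}

# Print one line per method: "readable" if the file content came back.
audit() {
    for method in try_cat_path try_cat_name try_redirect try_read; do
        if out=$("$method" "$1") && [ -n "$out" ]; then
            echo "$method: readable"
        else
            echo "$method: blocked"
        fi
    done
}

# Constructed sample file standing in for data the user should not see.
sample=$(mktemp)
echo "constructed-secret" > "$sample"
audit "$sample"
rm -f "$sample"
```

Restricted bash limits command names and output redirection but not input redirection, so the two builtin-only methods report "readable". Keeping other files private therefore has to come from file permissions or a chroot, as the reply suggests, not from the shell's restricted mode.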