Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site Glacier.ARPA
Path: utzoo!watmath!clyde!burl!ulysses!allegra!oliveb!Glacier!conor
From: conor@Glacier.ARPA (Conor Rafferty)
Newsgroups: net.unix
Subject: Re: Alternate Shells
Message-ID: <10787@Glacier.ARPA>
Date: Thu, 15-Aug-85 23:19:19 EDT
Article-I.D.: Glacier.10787
Posted: Thu Aug 15 23:19:19 1985
Date-Received: Mon, 19-Aug-85 08:24:20 EDT
References: <10672@Glacier.ARPA> <575@bu-cs.UUCP> <1229@umcp-cs.UUCP>
Reply-To: conor@Glacier.UUCP (Conor Rafferty)
Organization: Stanford University, IC Laboratory
Lines: 21

In article <1229@umcp-cs.UUCP> chris@umcp-cs.UUCP (Chris Torek) writes:
>We (well, Fred actually) modified chsh to read /lib/ok_shells for
>a list of the shells "ordinary users" can set up.  It's more anti-
>accidental-stupidity than anything else.

I've heard the "protecting people from themselves" argument a few times
now, but it seems flimsy to me. After all, you can destroy everything
you ever wrote with a single rm -fr *, whereas chsh  /bin/false
just requires a trip up the corridor to your sysadmin. Do we
make rm a privileged command? Of course not. It seems like we
can get by without this bit of paternalism in chsh too. 
    It's not an important point, but there is an important issue
behind it: are checks to protect novices to be taken over the line where
they limit the freedom of experienced users? After /lib/ok_shells, why
not /lib/ok_commands /lib/allowed_paths and mandatory "noclobber"?
It doesn't sound like Unix to me!

Conor Rafferty                  conor@su-glacier.arpa
231A Applied Electronics Lab.   conor@su-sierra.arpa
Stanford University Ca.94305	decwrl!glacier!conor
(415)497-1515