Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site Glacier.ARPA Path: utzoo!watmath!clyde!burl!ulysses!allegra!oliveb!Glacier!conor From: conor@Glacier.ARPA (Conor Rafferty) Newsgroups: net.unix Subject: Re: Alternate Shells Message-ID: <10787@Glacier.ARPA> Date: Thu, 15-Aug-85 23:19:19 EDT Article-I.D.: Glacier.10787 Posted: Thu Aug 15 23:19:19 1985 Date-Received: Mon, 19-Aug-85 08:24:20 EDT References: <10672@Glacier.ARPA> <575@bu-cs.UUCP> <1229@umcp-cs.UUCP> Reply-To: conor@Glacier.UUCP (Conor Rafferty) Organization: Stanford University, IC Laboratory Lines: 21 In article <1229@umcp-cs.UUCP> chris@umcp-cs.UUCP (Chris Torek) writes: >We (well, Fred actually) modified chsh to read /lib/ok_shells for >a list of the shells "ordinary users" can set up. It's more anti- >accidental-stupidity than anything else. I've heard the "protecting people from themselves" argument a few times now, but it seems flimsy to me. After all, you can destroy everything you ever wrote with a single rm -fr *, whereas chsh/bin/false just requires a trip up the corridor to your sysadmin. Do we make rm a privileged command? Of course not. It seems like we can get by without this bit of paternalism in chsh too. It's not an important point, but there is an important issue behind it: are checks to protect novices to be taken over the line where they limit the freedom of experienced users? After /lib/ok_shells, why not /lib/ok_commands /lib/allowed_paths and mandatory "noclobber"? It doesn't sound like Unix to me! Conor Rafferty conor@su-glacier.arpa 231A Applied Electronics Lab. conor@su-sierra.arpa Stanford University Ca.94305 decwrl!glacier!conor (415)497-1515