Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site watdcsu.UUCP Path: utzoo!watmath!watnot!watdcsu!herbie From: herbie@watdcsu.UUCP (Herb Chong - DCS) Newsgroups: net.unix Subject: Re: Alternate Shells Message-ID: <1618@watdcsu.UUCP> Date: Mon, 19-Aug-85 10:38:33 EDT Article-I.D.: watdcsu.1618 Posted: Mon Aug 19 10:38:33 1985 Date-Received: Tue, 20-Aug-85 21:44:28 EDT References: <10672@Glacier.ARPA> <575@bu-cs.UUCP> <615@ucsfcgl.UUCP> Reply-To: herbie@watdcsu.UUCP (Herb Chong - DCS) Organization: U of Waterloo Lines: 29 Summary: In article <615@ucsfcgl.UUCP> arnold@ucsfcgl.UUCP (Ken Arnold) writes: >I helped make this decision -- it was because people who left their >terminals unattended for a few minutes (to relieve themselves, say) >would find themselves with a strange shell the next time they logged >on. This kind of prank became such a pain (besides being virtually >unfixable without finding a super-user, a species of (alleged) person >not always available when you have an assigment due the next morning) >that we decided to turn off chsh to non-normal shells except for root. but making changes to the list of "valid" shells inaccessible except by modification of source brings up several points: 1) binary only sites require a super user's intervention whenever a user wants to change shells (not often) to others that may be available (vsh, ksh, tcsh come to mind) 2) the biggest computer security problem is still people. i never leave my terminal unattended. either someone i trust watches it, i lock it up, or i lock the door, depending on where i am. 3) a valid list that is compiled in or read from a file provides a lot more flexibility anyway Herb Chong... I'm user-friendly -- I don't byte, I nybble.... UUCP: {decvax|utzoo|ihnp4|allegra|clyde}!watmath!water!watdcsu!herbie CSNET: herbie%watdcsu@waterloo.csnet ARPA: herbie%watdcsu%waterloo.csnet@csnet-relay.arpa NETNORTH, BITNET, EARN: herbie@watdcs, herbie@watdcsu