Unix/Linux Go Back    

RedHat 9 (Linux i386) - man page for smrsh (redhat section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

SMRSH(8)										 SMRSH(8)

       smrsh - restricted shell for sendmail

       smrsh -c command

       The  smrsh  program  is intended as a replacement for sh for use in the ``prog'' mailer in
       sendmail(8) configuration files.  It sharply limits the commands that can be run using the
       ``|program''  syntax of sendmail in order to improve the over all security of your system.
       Briefly, even if a ``bad guy'' can get sendmail to run a program without going through  an
       alias or forward file, smrsh limits the set of programs that he or she can execute.

       Briefly,  smrsh limits programs to be in a single directory, by default /etc/smrsh, allow-
       ing the system administrator to choose the set of acceptable commands, and  to  the  shell
       builtin	commands ``exec'', ``exit'', and ``echo''.  It also rejects any commands with the
       characters ``', `<', `>', `;', `$', `(', `)', `\r' (carriage return), or `\n' (newline) on
       the  command  line  to prevent ``end run'' attacks.  It allows ``||'' and ``&&'' to enable
       commands like: ``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"''

       Initial pathnames on  programs  are  stripped,  so  forwarding  to  ``/usr/ucb/vacation'',
       ``/usr/bin/vacation'',  ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually
       forward to ``/etc/smrsh/vacation''.

       System administrators should be conservative about populating  the  /etc/smrsh  directory.
       Reasonable  additions  are  vacation(1),  procmail(1),  and the like.  No matter how brow-
       beaten you may be, never include any shell or shell-like program (such as perl(1)) in  the
       /etc/smrsh  directory.	Note that this does not restrict the use of shell or perl scripts
       in the sm.bin directory (using the ``#!'' syntax); it simply disallows execution of  arbi-
       trary programs.

       /etc/smrsh - directory for restricted programs


				   $Date: 2002/04/25 13:33:40 $ 			 SMRSH(8)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 03:50 AM.