email apps as user shells (disable port forwarding in OpenSSH)

Peter W peterw at usa.net
Thu Sep 20 22:22:19 EST 2001


On Thu, Sep 20, 2001 at 01:57:19PM +0200, Alexey Koptsevich wrote:

> > > Thanks! But if no shell -- no ability, right?
> > 
> > I'm not sure I understand.  The user has to have some "shell" that can be
> > invoked as "<shell> -c pine" and do the right thing.  If you don't disable
> > suspend in the pine.conf.fixed, then pine will either fork a new instance
> > of <shell> (which is safe if <shell> is a restricted shell which just
> > exits when invoked without "-c pine") or else it will try to detach from
> > the restricted shell, which won't work right.
> 
> OK, but if I set /usr/local/bin/pine (or /usr/local/bin/mutt) as a shell
> in the /etc/passwd and do not copy any shell to the chroot-ed directory at
> all -- there is no ability to run it, that's what I meant.

1) isn't this outside the scope of the OpenSSH *development* list?
2) this can be easily and quickly tested, right?
3) [despite 1)]: email apps are powerful things, especially because
   they tend to include file browsers and full text editors
4) see 1): at the very least, I think this should be on a -users list,
   unless you see current behavior of OpenSSH that you wish to modify
   via source code changes

-Peter



More information about the openssh-unix-dev mailing list