Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

smrsh


NAME
     smrsh - restricted shell for sendmail

SYNOPSIS
     smrsh  -c command

DESCRIPTION
     The smrsh program is intended as a replacement  for  the  sh
     command  in  the  prog  mailer in sendmail(1M) configuration
     files. The smrsh program sharply limits commands that can be
     run  using  the  |program  syntax of sendmail. This improves
     overall system security. smrsh limits the  set  of  programs
     that  a programmer can execute, even if sendmail runs a pro-
     gram without going through an alias or forward file.

     Briefly, smrsh  limits  programs  to  be  in  the  directory
     /var/adm/sm.bin,  allowing  system  administrators to choose
     the set of acceptable commands. It also rejects any commands
     with  the characters: ,, <, >, |, ;, &, $, \r (<RETURN>), or
     \n (<NEWLINE>) on  the  command  line  to  prevent  end  run
     attacks.

     Initial pathnames on programs are stripped, so forwarding to
     /usr/ucb/vacation,                        /usr/bin/vacation,
     /home/server/mydir/bin/vacation, and vacation  all  actually
     forward to/var/adm/sm.bin/vacation.

     System administrators should be conservative about  populat-
     ing /var/adm/sm.bin. Reasonable additions are utilities such
     as vacation(1) and procmail.  Never  include  any  shell  or
     shell-like  program (for example, perl) in the sm.bin direc-
     tory. This does not restrict the use of shell or perl scrips
     in  the  sm.bin  directory  (using the #! syntax); it simply
     disallows the execution of arbitrary programs.

OPTIONS
     The following options are supported:

     -c command

         Where command is a valid command, executes command.



FILES
     /var/adm/sm.bin         directory for restricted programs



ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:
     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsr, SUNWcsu            |
    |_____________________________|_____________________________|


SEE ALSO
     sendmail(1M), , attributes(5)










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments