Thank you all for your answers

Ok i'll try to be more precise :

I have a dozen AIX servers in my LAN.
One of them has to be accessed from outside by people who'll test new
batches.
These batches are located in a specific file system : lets say /batch.
These batches are run with a generic unix account : lets say
batch_user


Using rsh support will be tricky since all batches (at least 20) are
run using different parameters.
So now i am looking for a chroot solution but it is very difficult to
implement it. Any advise would be appreciated

Cheers

howard <pamz@libertysurf.fr> wrote:
> Ok i'll try to be more precise :
>
> I have a dozen AIX servers in my LAN.
> One of them has to be accessed from outside by people who'll test new
> batches.
> These batches are located in a specific file system : lets say /batch.
> These batches are run with a generic unix account : lets say
> batch_user
>
> So now i am looking for a chroot solution but it is very difficult to
> implement it. Any advise would be appreciated

It should not be very difficult.
Try to set up a 'cage' to chroot into; you must have all the necessary
shared libraries and executables there, as well as some files from /etc.
Start with ksh and the libc.a library, when you try
'chroot /batch /usr/bin/ksh' it will tell you what is still missing.

Once you can run everything you need in the chroot environment, you can
setup the user's account so that he gets dropped into chroot on login.

The problem here is that the chroot command is root only, so you cannot
simply specify '/usr/sbin/chroot ...' as login shell for the user.

However, it should not be too hard to write a little C program that
uses chroot(2), then drops root privileges with setuid(2) and exec(2)s
the login shell of the user.
If this program belongs to root and has the set-user-ID flag set, it
should do the trick and you can use it as login shell for the user.

I hope I did not overlook anything important.

Yours,
Laurenz Albe