#File: sol_11

1.	To set up the account, use the useradd command and give them a ksh.
	Make the .profile file writeable only by root.  Put the following in it:

	trap "echo NoNo" 1 2 3 4 5 6 7 8 10 11 12 13 14 15 16 17 18 19 20 21 22 24 25 26 27 28 29 30 31

	export SHELL="NoNo" #keeps them from shelling out of the mailer
	/usr/bin/mailx
	exit 0

2.	Without the trap command, the mailx process will terminate, leaving
	the user logged in with a ksh prompt.  If you don't have the SHELL 
	environment variable set to a non-existent program, they may be able 
	to shell out.

3.	Set the SHELL environment variable to a non-existent program.

4.	See the man page for ksh, looking specifically at rksh stuff.

5.	find / -perm -4000 -follow -print

	find / -perm -2000 -follow -print

6.	You may have to add your team members to the "us" group in /etc/group.

	chgrp us
	mkdir sgid_dir
	chmod g+s sgid_dir

	chgrp other
	echo "This is a file" > sgid_dir/testfile
	ls -la sgid_dir #Note which group is associated with the file
	mkdir sgid_dir/sgid_sub #Note which group is associated with the dir

7.	chgrp us
	mkdir ugid_dir
	chmod u+s ugid_dir

	chgrp other
	echo "This is a file" > ugid_dir/testfile
	ls -la ugid_dir #Note which group is associated with the file
	mkdir ugid_dir/ugid_sub #Note which group is associated with the dir

8.	It isn't

9.	That user has root privileges.

10.	A person may write a script, called, say "ls", and put it in their
	directory.  This script may do something nasty, say 
	"chmod 777 /etc/passwd" and then an ls.  What happens if root cd's 
	to that directory then does an ls?

		
