I decided to place this post in the advertisements section just to be careful not to violate any promotion rules. My company has developed a pseudo-shell that sits on top of BASH with PHP and we are preparing to make it commercially available to hosting companies.

The shell keeps users in their own home directories and only allows them to run programs that are in a list of allowed commands. Everything is configured through a configuration file and different users can be assigned different restrictions (using group policies internal to the shell). We have using the shell for several months on our own servers as it has been being developed and it has performed very well.

I am trying to get a feel from the companies that visit this board about the interest in a program like this. I believe this shell will be a cost-effective way for hosting companies to offer shell access to their customers without the risk of anyone browsing around the server outside of his account.

Please let me know if you would be interested in this program or would have suggestions for features that should be added.

Best regards,
Frank Rietta

Your going to try to sell a shell??? I dont think that will go over very well, your best bet is to offer it free under the open source license and get free publication for your company from it.

Originally posted by cbaker17
Your going to try to sell a shell??? I dont think that will go over very well, your best bet is to offer it free under the open source license and get free publication for your company from it.

i agree. although it would be a great idea, i dont know if people are willing to pay. if opened sourced, you'd get all the credit. i'm certainly interested in it though :)

I'm interested in it too.
Open source is defiantly nice, but some people may be willing to pay for it. It depends on the price.

I know most people are used to getting software from open source for free (even I like free software). However, I think it would be best to try to sell it first. NcFTPD has to be licensed, but companies still buy it even though ProFTPD is available for free. I think we might be able to "compile" the program using the Zend PHP Encoder. We have considered rewriting the software in C for extra speed, but stability and cross-platform deployment should be a lot easier with PHP.

Best regards,
Frank Rietta

The question remains,
How much do you plan to sell it for?

Though it is not set in stone yet, the planned price is $250 for a single server, unlimited user license. A 50 user license version will most likely also be available.

Best regards,
Frank Rietta

You know, I love PHP... I've developed in almost nothing but it for the last year and a half. But is it the most appropriate choice for writing a shell?

Does the script run a chroot? I created a bash wrapper in perl, but I had a major difficulty. Programs like pine were impossible to include. When composing a message in pine, users can include files and therefore browse through all of the directories on the system (that they have permission to). There are several other instances in this in other programs. Pico is the only program which I could get to restrict users into their home directories. Did you find a way around these problems? I considered it impossible without a chroot, but maybe there is hope. :)

The decision to develop the shell with PHP rather than C was based off PHP’s ability to handle strings in a simple and efficient manner. I do not see the development model much differently than the Visual Basic model. Programs developed with Visual Basic need support files, such as msvbvm50.dll. Similarly, the PHP scripts are really programs (especially when encoded using the Zend Encoder) and the PHP binaries are support files and the interpreter. In our comparison tests, the PHP code appears to execute faster than similar code written in Perl.

The script does not run as a chroot because that would defeat the purpose. The main goals were to keep users in their own home directories and to be able to allow users to utilize certain system commands without duplicating any binaries. If a program allows users to browse directories outside of their home directory, it is easy to disable that program from our shell by removing it from the allowed programs list. Most Linux programs, all that I know of, have their source code included so it would be possible to patch them to keep users in their own directories. One planned feature for this shell that will greatly improve security is script prepossessing, which will enable us to block scripts that do not follow the directory restrictions.

I am excited about this project and we are always open to suggestions. To answer the question about making this open source, we are considering making the source available so companies can make their own modifications, but that source would be licensed. The goal is not to become a giant software company and I do care to become an extremely wealthy CEO, but with everything our company does, we try to create revenue. Our business model is based off more than just web hosting; our goal is to provide software and service solutions that will help businesses and the web communities.

Best regards,
Frank Rietta