INTRODUCTION

	Welcome to LShell version 2.01. This program enforces resource
quotas stored in a configuration file. It is easier and more secure that
writing a shell script in /etc/profile and trying to compare user names in
hard-coded if/else type trees.

	LShell's operation is entirely transparent both to users and to
shell scripts.

	LShell is primarily intended to enforce limits to protect system
integrity. These limits should not be applied lightly as Linux responds to
resources that are exceeded by failing to fork, killing the processes,
refusing to open a file, and so on.

	You're the administrator, so use your judgment. Limiting a user to
30 processes, for example, is a reasonable step and justifiable to protect
system integrity. Limiting him to 4 will stop him from using any pipelines
and probably even stop bash from starting up.

	In general, every process begins its life with three files open and
increases from there. Limiting people to fewer files than three times their
process limit makes little sense.
 
CONFIGURING LSHELL 2.01

	First, make a world-readable file (/etc/lshell.conf) that describes
the resource limits you wish to impose. Put 'root' first in the file with a
second field of '-' to make sure no quotas are imposed on 'root'. The last
entry is the default entry. Use it for your 'default' quotas.

	The second field of each entry consists of a concatenated list of
resource limits. Each limit consists of a letter identifier followed by a
numerical limit.

	The valid identifiers are:

	F: Number of file descriptors
	P: Number of processes
	C: CPU time in minutes
	D: Data segment in Megabytes

	You can use the included limits file as an example.

INSTALLING LSHELL 2.01

	First copy lshell into /bin. Create a world-readable /etc/limits
file according to the directions above.

	Make a copy of root's shell and call it 'root_shell' edit
/etc/passwd so that root uses that shell. This will ensure that root can
login if something goes wrong in the install process.

	Make a directory in /bin called "shells". The directory should be
world executable. Then copy every legal login shell into that directory.
Then replace each legal login shell with a copy of LShell.

	Note: When using LShell with shells that do not live in /bin, the
real shell should still be put in /bin/shells. Just put a copy of LShell in
the appropriate directory.

	Once you are convinced the LShell is working properly, you may
delete /bin/lshell and restore root's shell to an LShell protected shell.
I strongly recommend, however, not making root's shell a protected shell,
just in case anyone ever mis-edits the config file.

COMPILING LSHELL 2.0

	Lshell should be compiled with "gcc -O2 -s -N lshell.c -o /bin/lshell".

NOTES

	For some unknown reason, bash's 'ulimit -a' fails to correctly
report the quota on open files. The quota is imposed, however.

	LShell has several options that can be configured in the source or
overridden during compilation. You may wish to look at these if you wish to
customize LShell's operation.

	If you received a pre-compiled LShell executable and you are running
a Linux kernel earlier than 1.2.0 or have a libc.so earlier than 4.6.27 it
is strongly suggested that you thow it away and compile LShell yourself.

	Report any bugs or problems to Joel Katz (Stimpson@Panix.com).

REVISION HISTORY

	Version 1 was released on Mar 8, 1995. 

	Version 1.01 was released Mar 9, 1995 to correct a minor bug that
caused lshell to mishandle the default entry if the dummy name given to it
contained numbers.

	Version 2.0 was released Mar 10, 1995 and added invisible operation
and shell script pass-through. LShell was almost entirely re-written for
version 2.0.

	Version 2.01 corrected a bug in 2.0 which caused LShell to operate
completely incorrectly if EXEMPT_ROOT was defined. Also, support for shells
not in /bin was added (or, more precisely, documented). Also, a bug in path
handling for shell script pass-throughs was fixed.