Answer the question
In order to leave comments, you need to log in
How to make a fixed list of commands for a user in SSH?
There is CentOS7. ssh server. Multiple users. One of them is to restrict access to the file system (sftp is already disabled) and standard commands by allowing certain commands that are either bash functions or executable programs.
As a result, a person should go through ssh and see (or when entering the help command) a list of available commands (mostly / all without an argument), be able to execute them, as well as the inability to execute standard commands. Of course, all launched programs/scripts are executed on behalf of the user logged in via ssh, or via sudo if you need to run on behalf of another user.
There was an idea to create your own shell and change the default shell for the user to my custom shell through chsh, which will do what is described above.
Is there any ready-made software with the above functionality? How to make java program available in chsh list
Answer the question
In order to leave comments, you need to log in
There is a tool standard for most distributions chroot
. It is used for sobitvenny isolations by a heap of system software. It is everywhere and does not have to be installed.
You create a user. You create a new directory.
In it you create the main system folders. You make one of the folders (for example, /home
) user, that is, you change the owner chown
to this user.
Then, using links (command ln
), you add to these folders everything that you want the user and programs running under him to have access to.
You start all its sessions through chroot.
Do not forget to limit the use of hdd (command group quota
).
And then he can be given the opportunity to use at least a package manager, even installing his own software, the user will not spoil anything.
Classic hosting, emn.$ man chroot
I don't know about linux, but there is no list in chsh in fra. You can specify anything as the shell.
There is also a usermod command, which can also be used as a shell to prescribe anything. Although even a shell script. I have made a stupid terminal, purely for connecting via SSH and port forwarding inside the LAN. The following script is specified as the shell for the connecting user:
#!/bin/sh
main() {
echo
echo
echo
echo
echo
echo
echo
echo
echo "Dumb terminal enabled"
while true; do
sleep 5
done
}
# Assign noop for Ctrl+C and run main
trap true INT
main [email protected]
Accordingly, this script just spins from sleep 5 and does not allow you to exit with Ctrl-C. But in the same way, you can hang up the expectation of some input from the user in the waiting loop, followed by processing this input by case to determine whether these commands are necessary or not. If unnecessary, then send, if necessary - execute with the necessary parameters.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question