Creating a User with Access to a Single Command
Ariel Biener
ariel at post.tau.ac.il
Mon Apr 4 12:05:30 IDT 2011
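That's not what you want. Please read about "restricted shell" (in bash: rbash, or bash -r).
A working example, using rbash as the login shell and a PATH that contains only the allowed commands: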
/etc/passwd:
ariel:x:uid:gid::/home/ariel:/bin/rbash
ls -l /bin/rbash
lrwxrwxrwx 1 root root 4 Apr 10 2006 /bin/rbash -> bash
drwx-----t 4 ariel mygroup 4096 Apr 1 22:50 /home/ariel
ls -al ~ariel
-r-xr-xr-x 1 root root 688 Apr 7 2010 .profile
-rw-r--r-- 1 root root 0 Apr 7 2010 .inputrc
lrwxrwxrwx 1 root root 8 Apr 7 2010 .bashrc -> .profile
lrwxrwxrwx 1 root root 8 Apr 7 2010 .bash_profile -> .profile
-rw-r--r-- 1 root root 0 Apr 7 2010 .bash_logout
lrwxrwxrwx 1 root root 8 Apr 7 2010 .bash_login -> .profile
drwx------ 2 ariel mygroup 4096 Apr 23 2010 .ssh
-rw------- 1 ariel mygroup 660 Apr 1 22:50 .Xauthority
cat .profile
#! /bin/rbash
# Startup file for a restricted-shell (rbash) login account. The line above
# is inert when this file is sourced as a profile.
#
# bash switches on the restricted-mode limits only after its startup files
# have been read, which is why PATH can still be unset and redefined here.
#
# NOTE(review): the confinement is only as strong as the programs reachable
# through PATH. Each client linked into /usr/local/restricted should be
# checked for shell-escape or local-command features, and those disabled
# where the client allows it.
# NOTE(review): this file is root-owned, but the home directory in the
# listing is owned by the user; a root-owned home directory would keep the
# startup files from being renamed or replaced -- confirm for your setup.

# Fixed prompt, read-only so the session cannot change it.
declare -r PS1='(myhost)>'

# Drop shell/host metadata, history settings, mail checking and the
# secondary prompts from the session.
unset BASH_VERSION HOSTTYPE MACHTYPE OSTYPE \
  HISTFILE HISTFILESIZE HISTSIZE \
  MAIL MAILCHECK HZ PS2 PS4

# Presumably inherited from init on the original host; unset is a no-op
# for any of them that is not set.
unset _INIT_PREV_LEVEL _INIT_RUN_LEVEL _INIT_RUN_NPREV \
  _INIT_UTS_ISA _INIT_UTS_MACHINE _INIT_UTS_NODENAME \
  _INIT_UTS_PLATFORM _INIT_UTS_RELEASE _INIT_UTS_SYSNAME \
  _INIT_UTS_VERSION

# Replace the inherited search path with the directory that holds only the
# permitted commands; exported and read-only.
unset PATH
declare -rx PATH=/usr/local/restricted
declare -rx HOSTNAME=myhost.mydomain
declare -rx TZ=Israel

# Banner. printf is a builtin, so it still works with the restricted PATH.
printf '\n%s\n%s\n\n' \
  'Welcome to gate.' \
  'The following commands can be used: telnet, ssh.'

# Freeze HOME at the account's home directory.
declare -rx HOME=~
=========================
ls -l /usr/local/restricted
lrwxrwxrwx 1 root root 12 Apr 10 2006 ssh -> /usr/bin/ssh
lrwxrwxrwx 1 root root 24 Mar 13 2006 telnet -> /usr/kerberos/bin/telnet
-- Ariel
--
Ariel Biener
e-mail: ariel at post.tau.ac.il
PGP: http://www.tau.ac.il/~ariel/pgp.html