Use limited shell - rbash

Add a user who can execute only specific commands.

[1] Create a link named 'rbash' that points to bash. bash starts in restricted mode when it is invoked under the name rbash.
[root@rx7 ~]# ln -s /bin/bash /opt/rbash

[2] Add a user whose default shell is rbash and allow that user to execute only 'ping'.
[root@rx7 ~]# useradd testuser -s /opt/rbash
[root@rx7 ~]# passwd testuser
[root@rx7 ~]# mkdir /home/testuser/bin
[root@rx7 ~]# ln -s /bin/ping /home/testuser/bin/ping
[root@rx7 ~]# chown root. /home/testuser/.bash_profile
[root@rx7 ~]# chmod 755 /home/testuser/.bash_profile
[root@rx7 ~]# vi /home/testuser/.bash_profile
# change PATH like below
PATH=$HOME/bin

[3] Log in as testuser.
[testuser@rx7 ~]$ cd
-rbash: cd: restricted    # denied
[testuser@rx7 ~]$ ls
-rbash: ls: command not found    # none
[testuser@rx7 ~]$ ping localhost
PING rx7.server-world.info (127.0.0.1) 56(84) bytes of data.
64 bytes from rx7.server-world.info (127.0.0.1): icmp_seq=1 ttl=64 time=0.017 ms
64 bytes from rx7.server-world.info (127.0.0.1): icmp_seq=2 ttl=64 time=0.014 ms
--- rx7.server-world.info ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.014/0.015/0.017/0.004 ms    # executed
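
The restriction built in steps [1] to [3] holds only while .bash_profile stays out of the user's control, PATH stays limited to $HOME/bin, and that directory holds nothing but the intended links. The following check is an added example, not part of the original page; the function name audit_rbash_home and its argument order are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: audit a restricted account's home against the setup above.
# Usage: audit_rbash_home HOME_DIR EXPECTED_OWNER ALLOWED_CMD...
#   e.g. audit_rbash_home /home/testuser root ping
# Prints one line per finding; the return status is the number of findings.
audit_rbash_home() {
    local home="$1" owner="$2"; shift 2
    local allowed=" $* " profile="$home/.bash_profile"
    local findings=0 last entry name

    if [ ! -f "$profile" ]; then
        echo "missing: $profile"; findings=$((findings + 1))
    else
        # Step [2] hands .bash_profile to root so the user cannot edit PATH.
        [ -n "$(find "$profile" -user "$owner" 2>/dev/null)" ] ||
            { echo "owner: $profile is not owned by $owner"; findings=$((findings + 1)); }
        # Mode 755 on the page: no write bit for group or others.
        [ -z "$(find "$profile" \( -perm -020 -o -perm -002 \))" ] ||
            { echo "mode: $profile is group/world writable"; findings=$((findings + 1)); }
        # The last PATH assignment wins; it must be exactly PATH=$HOME/bin.
        last=$(sed -n -E 's/^[[:space:]]*(export[[:space:]]+)?(PATH=.*)$/\2/p' "$profile" | tail -n 1)
        [ "$last" = 'PATH=$HOME/bin' ] ||
            { echo "path: PATH is not limited to \$HOME/bin"; findings=$((findings + 1)); }
    fi

    # Every entry in bin/ (dotfiles included) must be an allow-listed name.
    for entry in "$home"/bin/* "$home"/bin/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case "$allowed" in
            *" $name "*) ;;
            *) echo "extra: $entry is not on the allow list"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}
```

Run it as root after any change to the account; a return status of 0 means the home directory still matches the configuration from step [2].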