Suppose i create a new user TEST in ubuntu and i need to block all commands except cp,ssh,exit.Please help me.i am new to linux.
Asked
Active
Viewed 2,011 times
0
-
Why do you want to do that? Is it serious? – Basile Starynkevitch May 21 '15 at 07:03
-
If you are really newbie in Linux, and you need a serious thing, I would recommend to learn much more about Linux before deploying your solution. So I would suggest to give up, or trust somehow your users. – Basile Starynkevitch May 21 '15 at 07:10
2 Answers
1
Alternatively, consider using some restricted shell like rbash which you might set up as the user's login & ssh shell (use chsh and/or configure his/her's ~/.ssh/config); of course set up the PATH appropriately, it might contain a single ~/bin/ directory containing symlinks to /bin/cp, /usr/bin/ssh, etc. You might want to make ~/bin/ not owned and not writable by the user.
Be careful: if your user is more experimented than you are, you might leave some holes that he/she would be able to exploit. Make it also a social/contractual issue, by at least explicitly forbidding (in words) things.
You might also want to learn more about chroot and/or setuid; see also the references in this answer.
Notice that if your user gets ssh, he is likely to get scp and be able to hack his account (e.g. by adding executable files into his ~/bin/ ....)
Community
- 1
- 1
Basile Starynkevitch
- 223,805
- 18
- 296
- 547
0
I think you need to create a new group in which you set all the commands you want to use and add your TEST user to this group.
Kruncho
- 195
- 1
- 13
-
-
@user3226587: it is not worth the effort. Unless you know a lot more about Linux you are sure to make security mistakes. – Basile Starynkevitch May 21 '15 at 07:12
-
1Basile is right it's not the easyest way. Go see this topic, it's very close to your situation : https://stackoverflow.com/questions/21498667/how-to-limit-user-commands-in-linux – Kruncho May 21 '15 at 07:19