Just create a new user with its home directory set to the one you need him to have access to (this command must be run under sudo or in a root shell):

    adduser --home /restricted/directory restricted_user

This will create the user restricted_user and the directory /restricted/directory, and set the permissions on the directory so the user can write to it. By default it won't be able to write to any other directory.

If you have the directory already, you can run the adduser command with the --no-create-home option appended and set the permissions manually (also with root privileges), like:

    chown restricted_user:restricted_user /restricted/directory

If you need to make even world-writable directories inaccessible for this user, there are two variants.

1) If you want to provide an interactive shell session to the user, then consider following this manual on creating a chroot jail (in your /restricted/directory). After that, add the following to your sshd_config:

    Match user restricted_user

2) If you only need him to copy files between his endpoint of connection and your host, everything is much easier. Add these lines at the end of your sshd_config:

    Match user restricted_user

Then comment out the Subsystem sftp /usr/lib/openssh/sftp-server line by placing a hash (#) sign at the start.

After restarting your SSH server, everything should work as intended. A restart does not kill interactive sessions, so it is safe even if you misconfigured something; also, do not close your running session before you have checked that you are still able to log in.

The easiest way to create a restricted user that cannot wander off the given directory (e.g., to the upper directory etc.) and has a limited, hand-picked set of commands to use, is to use a Restricted Shell.

Ref:

First, create a symlink called rbash (run as root user).

Then just create a normal user with this Restricted Shell, and set its home dir to the desired folder:

    useradd -s /bin/rbash -d /home/restricted_folder username

Even without the Restricted Shell, if you explicitly do not add this user to the sudoers list or any special groups, then it will be limited by default.

With the Restricted Shell, the following are disallowed or not performed:

- Setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
- Specifying a file name containing a / as an argument to the . builtin command
- Specifying a filename containing a slash as an argument to the -p option to the hash builtin command
- Importing function definitions from the shell environment at startup
- Parsing the value of SHELLOPTS from the shell environment at startup
- Redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
- Using the exec builtin command to replace the shell with another command
- Adding or deleting builtin commands with the -f and -d options to the enable builtin command
- Using the enable builtin command to enable disabled shell builtins
- Specifying the -p option to the command builtin command
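The two sshd_config variants above (the chroot jail for an interactive user and the sftp-only chroot) both depend on a small set of settings being consistent, and the chroot directory itself has to satisfy sshd's ownership rules. The following POSIX sh script is an added example, not code from the original post: it audits an sshd_config for a chrooted, sftp-only user and checks the chroot directory's owner and mode. The user name and path are the ones the post uses; the sample config it writes is constructed for the example, and the "Subsystem sftp internal-sftp" replacement line plus the AllowTcpForwarding/X11Forwarding directives are assumptions common in such setups rather than lines taken from the post.

```shell
#!/bin/sh
# Added example (not code from the original post): audit an sshd_config for a
# chrooted, sftp-only user and check the chroot directory itself.
# Assumptions: the user name and chroot path below; the "Subsystem sftp
# internal-sftp" replacement line and the AllowTcpForwarding/X11Forwarding
# directives are common additions to such a setup, not taken from the post.
set -eu

USER_NAME=restricted_user
CHROOT=/restricted/directory

# Write a constructed sample sshd_config (not a real host's file) to $1:
# the stock sftp-server Subsystem line commented out, internal-sftp in its
# place, and the Match block at the end of the file.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
PasswordAuthentication no
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Match User restricted_user
    ChrootDirectory /restricted/directory
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Print the lines of the Match block for user $2 in config $1 (up to the next
# Match line or end of file). Keywords are case-insensitive in sshd_config.
match_block() {
    awk -v u="$2" '
        tolower($1) == "match" { inblk = (tolower($2) == "user" && $3 == u); next }
        inblk { print }
    ' "$1"
}

# Succeed if directive $3 inside the Match block for user $2 has value $4.
# sshd honours the first occurrence of a directive, so only that one counts.
directive_is() {
    match_block "$1" "$2" | awk -v k="$3" -v v="$4" '
        tolower($1) == tolower(k) && !seen { seen = 1; found = ($2 == v) }
        END { exit found ? 0 : 1 }
    '
}

# The external sftp-server binary does not exist inside the chroot, so every
# active "Subsystem sftp" line in config $1 must point at internal-sftp.
subsystem_ok() {
    awk '
        tolower($1) == "subsystem" && $2 == "sftp" && $3 != "internal-sftp" { bad = 1 }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# sshd refuses a ChrootDirectory unless it is owned by root and has no group
# or other write bit; the user gets a writable subdirectory underneath instead.
chroot_owner_ok() {
    [ "$(ls -ld "$1" | awk '{ print $3 }')" = root ]
}
chroot_mode_ok() {
    [ -d "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)   # e.g. drwxr-xr-x
    case "$perms" in
        d????w????|d???????w?) return 1 ;;  # group (col 6) or other (col 9) write
    esac
    return 0
}

# Run every check for config $1, user $2 and chroot $3; report each failure.
audit_sftp_chroot() {
    rc=0
    directive_is "$1" "$2" ChrootDirectory "$3" \
        || { echo "ChrootDirectory for $2 is missing or not $3"; rc=1; }
    directive_is "$1" "$2" ForceCommand internal-sftp \
        || { echo "ForceCommand internal-sftp not set for $2"; rc=1; }
    subsystem_ok "$1" \
        || { echo "an external sftp-server Subsystem line is still active"; rc=1; }
    if [ -d "$3" ]; then
        chroot_owner_ok "$3" || { echo "$3 is not owned by root"; rc=1; }
        chroot_mode_ok "$3"  || { echo "$3 is group- or world-writable"; rc=1; }
    else
        echo "$3 does not exist on this host; ownership/mode checks skipped"
    fi
    return $rc
}

# Stand-alone run against the constructed sample.
SAMPLE=$(mktemp)
write_sample_config "$SAMPLE"
audit_sftp_chroot "$SAMPLE" "$USER_NAME" "$CHROOT" && echo "config is consistent"
rm -f "$SAMPLE"
```

Point the script at the real /etc/ssh/sshd_config on the host to audit the live configuration. The owner/mode check is the one that trips most people up: because sshd insists that the ChrootDirectory be root-owned and not group- or world-writable, the directory the user actually writes to has to be a subdirectory inside the chroot, which is why the chown from earlier in the post applies to that subdirectory rather than to the chroot root itself.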