CentOS 6 - user with limited commands and access - restricted bash
Add a user who can execute only a few specific commands.
[1] Create a symbolic link named 'rbash' that points to bash. When bash is started under the name rbash, it runs in restricted mode.
[root@dlp ~]#
ln -s /bin/bash /opt/rbash
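[2] Add a user whose default shell is rbash and configure the account so that it can execute only 'ping'. The user's .bash_profile is made root-owned so that the user cannot edit the PATH setting. Note that /home/cern itself still belongs to the user, and that .bash_profile is read only by login shells, so any other way into the account (for example remote command execution or file transfer over SSH) has to be restricted separately.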
[root@dlp ~]#
useradd cern -s /opt/rbash
[root@dlp ~]#
passwd cern
[root@dlp ~]#
mkdir /home/cern/bin
[root@dlp ~]#
ln -s /bin/ping /home/cern/bin/ping
[root@dlp ~]#
chown root. /home/cern/.bash_profile
[root@dlp ~]#
chmod 755 /home/cern/.bash_profile
[root@dlp ~]#
vi /home/cern/.bash_profile
# change PATH as follows
PATH=$HOME/bin
[3] Log in as the test user and confirm the restrictions.
-rbash: cd: restricted
# denied
[cern@dlp ~]$
-rbash: ls: command not found
# not found: ls is not in $HOME/bin
[cern@dlp ~]$
ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.008 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.008 ms
--- localhost ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2157ms
rtt min/avg/max/mdev = 0.008/0.020/0.045/0.017 ms
# executed
found at: http://www.server-world.info/en/note?os=CentOS_6&p=rbash