This tutorial shows how to limit a user to just specific commands. I am using a SLES 11 image in this scenario.
I will create a menu script that will replace the login shell for this user. When the user connects to the server over ssh, he/she will be presented with a menu from which he/she cannot escape and a list of commands that can be run. I will save my script in /home/ovi/shell_script and add this line to /home/ovi/.bash_profile:

```
exec /home/ovi/shell_script
```

As an example, I am creating the user ovi, who will only be able to use 3 commands: ls, pwd and see the passwd file. My script will look like this:

```bash
#!/bin/bash
# This script provides access to ls, pwd and cat /etc/passwd.

# Ignore ctrl-c (SIGINT) and ctrl-z (SIGTSTP).
# ctrl-d only ends the current read; the loop below then prompts again.
trap "" INT TSTP

print_menu() {
    echo " Some message for the user..."
    echo " "
    echo "Choose from the following options"
    echo "ls - list files and directories"
    echo "pwd - print current directory"
    echo "passwd - read /etc/passwd"
    echo "logout - to quit shell and logout"
    echo "h - Print this menu"
    echo " "
}

quit=false

# Print the options menu
print_menu

while [ "$quit" != "true" ]; do
    echo -n "Limited_shell:-> "
    # -r keeps backslashes literal; the input is only ever compared, never executed
    read -r cmd
    case "$cmd" in
        ls)
            ls
            ;;
        pwd)
            pwd
            ;;
        passwd)
            cat /etc/passwd
            ;;
        logout)
            echo "Quitting ..."
            quit=true
            ;;
        h | help)
            print_menu
            ;;
    esac
    echo " "
done
```

The result:

```
# cat /home/ovi/.bash_profile
exec /home/ovi/shell_profile
```

Now ssh into the server with user ovi and test a command:

```
# ssh ovi@172.16.41.138
Password:
 Some message for the user...

Choose from the following options
ls - list files and directories
pwd - print current directory
passwd - read /etc/passwd
logout - to quit shell and logout
h - Print this menu

Limited_shell:-> ls
bin  Desktop  Documents  Mail  shell_profile  shell_script

Limited_shell:-> pwd
/home/ovi

Limited_shell:->
```

My user will only be able to run ls, pwd and passwd from this shell. Logout will terminate the ssh connection.
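The menu is started from ~/.bash_profile, which bash reads only for login shells, so only sessions that begin with a login shell reach it. One way to apply the same three-command allowlist to every ssh session of the account is an sshd ForceCommand wrapper; this is an added example, not part of the original tutorial, and the install path /usr/local/bin/ovi_gate, the function names run_allowed and gate, and the ovi_gate syslog tag are assumptions.

```shell
#!/bin/bash
# Added example, not from the original tutorial. Meant to be set as the
# forced command for the account in sshd_config:
#     Match User ovi
#         ForceCommand /usr/local/bin/ovi_gate    # hypothetical install path
# sshd then starts this wrapper for every session of that user and hands over
# any command the client requested in SSH_ORIGINAL_COMMAND instead of running it.

MENU=/home/ovi/shell_script   # the interactive menu script from the tutorial

# run_allowed REQUEST
# Runs REQUEST only when the whole string equals one allowlisted name.
# The request is never passed to eval or "sh -c", so extra arguments or
# shell metacharacters simply fail to match. Returns 0 if run, 1 if refused.
run_allowed() {
    case "$1" in
        ls)     ls ;;
        pwd)    pwd ;;
        passwd) cat /etc/passwd ;;
        *)
            # Leave a trace of the refusal in syslog (tag is an assumption).
            logger -t ovi_gate "refused request from ${SSH_CONNECTION:-local}" \
                2>/dev/null || true
            echo "refused: command not in allowlist" >&2
            return 1 ;;
    esac
}

# gate REQUEST
# An empty REQUEST means an interactive login: hand over to the menu.
# Anything else goes through the allowlist, then the session ends.
gate() {
    if [ -z "$1" ]; then
        exec "$MENU"
    fi
    run_allowed "$1"
}

# Act only when started by sshd, which sets SSH_CONNECTION for each session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate "${SSH_ORIGINAL_COMMAND:-}"
    exit $?
fi
```

With ForceCommand in place the restriction is enforced from sshd_config, which only root can edit, rather than from a profile file inside the user's own home directory.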