limit the activities

We want to limit the activities or command to run for specific user then, how to limit a shell? here are the steps to create limited shell.

Add a user who can execute some specific commands.

1. Create a link named rbash from bash.

# ln -s /bin/bash /opt/rbash

2. Add a user that his default shell is rbash and set he can execute only ping.

# useradd lsuser -s /opt/rbash
# passwd lsuser
# mkdir /home/lsuser/bin
# ln -s /bin/ping /home/lsuser/bin/ping
# chown root. /home/lsuser/.bash_profile
# chmod 755 /home/lsuser/.bash_profile
# vi /home/lsuser/.bash_profile

# change PATH like follows
PATH= $HOME/bin

3. Login with the test user.

$ cd
-rbash: cd: restricted # denied
$ ls
-rbash: ls: command not found # none
$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.008 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.008 ms

localhost ping statistics
3 packets transmitted, 3 received, 0% packet loss, time 2157ms
rtt min/avg/max/mdev = 0.008/0.020/0.045/0.017 ms  # executed
=======================================================

Advertisements

2 thoughts on “limit the activities

  1. This is extremely good. I was amazed to find this info so well put together, definitely planning to post this on facebook so the husband can find it. Cheers!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s