CentOS 5

Use a restricted shell - rbash
2010/05/05
  Add a user who can execute only specific commands.

[1] Create a symbolic link named 'rbash' that points to bash. Bash runs in restricted mode when it is invoked under the name 'rbash'.
[root@rx7 ~]#
ln -s /bin/bash /opt/rbash
[2] Add a user whose default shell is rbash, and set it up so that the user can execute only 'ping'.
[root@rx7 ~]#
useradd testuser -s /opt/rbash

[root@rx7 ~]#
passwd testuser

[root@rx7 ~]#
mkdir /home/testuser/bin

[root@rx7 ~]#
ln -s /bin/ping /home/testuser/bin/ping

[root@rx7 ~]#
chown root. /home/testuser/.bash_profile

[root@rx7 ~]#
chmod 755 /home/testuser/.bash_profile

[root@rx7 ~]#
vi /home/testuser/.bash_profile


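# change PATH as below, so that only the commands linked in $HOME/bin are found
# (rbash does not let the user change PATH afterwards; note that this file is read only by
#  login shells and that the home directory itself is still owned by testuser, so also limit
#  non-login access for this account, such as SSH remote commands and SFTP)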

PATH=$HOME/bin
[3] Log in as testuser and check that the restrictions work.
[testuser@rx7 ~]$
-rbash: cd: restricted
# denied: changing directory is not allowed in a restricted shell

[testuser@rx7 ~]$
-rbash: ls: command not found
# not found: 'ls' is not in the user's PATH

[testuser@rx7 ~]$
ping localhost

PING rx7.server-world.info (127.0.0.1) 56(84) bytes of data.
64 bytes from rx7.server-world.info (127.0.0.1): icmp_seq=1 ttl=64 time=0.017 ms
64 bytes from rx7.server-world.info (127.0.0.1): icmp_seq=2 ttl=64 time=0.014 ms

--- rx7.server-world.info ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.014/0.015/0.017/0.004 ms  
# executed: 'ping' is the only command linked in $HOME/bin
 