linux:lshell

Differences

This shows you the differences between two versions of the page.

linux:lshell [2017/11/07 16:36] – created michael
linux:lshell [2019/03/07 14:01] (current) – [Configure LShell] michael
Line 7: Line 7:
 ===== Install Limitet Shell: ===== ===== Install Limitet Shell: =====
  
-  * ''**Install on CentOS / RHEL 7:**'' <code># yum update+  * ''**Install Lshell on CentOS / RHEL 7:**'' <code># yum update
 # yum install lshell</code>  # yum install lshell</code> 
-  * ''**Install on Debian / Ubuntu:**'' <code># apt-get update+ 
 +  * ''**Install Lshell on Debian / Ubuntu:**'' <code># apt-get update
 # apt-get install lshell</code>  # apt-get install lshell</code> 
  
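Review bot: The section heading on the unchanged context line of this hunk still reads "Install Limitet Shell:" while the two bullets under it were retitled; correct it to "Install Limited Shell:" in the same edit. The bullets now say "Lshell" while the rest of the page uses "LShell" and "lshell", so settle on one spelling.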
Line 19: Line 20:
 Now set the LShell as default shell for users for which you are required. For example to change the shell of user sarah. Now set the LShell as default shell for users for which you are required. For example to change the shell of user sarah.
  
-<code># chsh sarah</code> <sxh bash; gutter: false;>Changing the login shell for sarah+<code># chsh sarah</code> <sxh plain; gutter: false;>Changing the login shell for sarah
 Enter the new value, or press ENTER for the default Enter the new value, or press ENTER for the default
  Login Shell [/bin/lshell]: /usr/bin/lshell </sxh>  Login Shell [/bin/lshell]: /usr/bin/lshell </sxh>
  
 +----
 +
 +''You may also set the lshell as default shell for user during creation of user account as following.''
 +
 +<code># adduser --shell /usr/bin/lshell raj</code>
 +
 +
 +</WRAP>
 +
 +----
 +
 +===== Configure LShell =====
 +Now start with the configuration of lshell. Edit lshell configuration file ''**/etc/lshell.conf**''. There are 4 basic sections in configuration file.
 +
 +  * <wrap em>[global] :</wrap> In this section we defines the settings which applied globally. For example logs.
 +  * <wrap em>[default] :</wrap> In this section we set default values which applied all users and groups. The settings of this section can be overridden with user and group specific settings.
 +  * <wrap em>[USERNAME] :</wrap> In this section we specify user specific settings. This section settings applied to user only
 +  * <wrap em>[grp:GROUPNAME] :</wrap> In this section we specify group specific settings. This section settings applied to all users of group
 +
 +A **[default]** profile is applied for all users using lshell. You can create **[username]** section or a group **[grp:groupname]** section to customize users and group specific preferences.
 +
 +<wrap hi>The priority order is **User** >> **Group** >> **Default**.</wrap> User section has highest priority and Default has lowest priority.
 +
 +<sxh bash; highlight: [1,5,22,26,31]>[global]
 +logpath         : /var/log/lshell/
 +loglevel        : 2
 +
 +[default]
 +allowed         : ['ls','pwd','cd','cat','cp']
 +forbidden       : [';', '&', '|','`','>','<', '$(', '${']
 +sudo_commands   : ['ls', 'more']
 +warning_counter : 2
 +aliases         : {'ll':'ls -l', 'vim':'rvim'}
 +prompt          : "%u@%h"
 +timer           : 0
 +path            : ['/home', '/usr']
 +env_path        : ':/usr/bin/usr/local/bin'
 +env_vars        : {'foo':1, 'bar':'helloworld'}
 +scp             : 1 # or 0
 +sftp            : 1 # or 0
 +overssh         : ['rsync','ls']
 +strict          : 0
 +history_file    : "/home/%u/.lshell_history"
 +
 +[grp:wheel]
 +warning_counter : 5
 +overssh         : - ['ls']
 +
 +[raj]
 +allowed         : 'all' - ['su','rm','mv']
 +path            : ['/etc', '/usr'] - ['/usr/local']
 +home_path       : '/home/raj'
 +
 +[sarah]
 +allowed         : + ['ping'] - ['ls']
 +path            : - ['/usr/local']
 +strict          : 1
 +scpforce        : '/home/sarah/uploads/'</sxh>
 +
 +
 +__For example User ‘rja’ and user ‘sarah’ both belong to the ‘wheel’ UNIX group:__
 +<WRAP center box 100%>
 +''**Group wheel:**''
 +
 +  * Users of wheel group has a warning counter set to 5
 +  * Users of wheel group is not allowed ‘ls’ command.
 +</WRAP>
 +
 +
 +<WRAP center box 100%>
 +''**User raj:**''
 +
 +  * Can access /etc and /var but not /usr/local
 +  * Can access all commands in his PATH execpt commands – su, rm, vm
 +  * has a warning counter set to 5 [default]
 +  * has his home path set to ‘/home/raj’
 +</WRAP>
 +
 +
 +<WRAP center box 100%>
 +''**User sarah:**''
  
 +  * Can access /home and /usr but not /usr/local
 +  * is allowed default command ‘ping’ but not ‘ls’
 +  * strictness is set to 1 (he is not allowed to type an unknown command)
 </WRAP> </WRAP>
  
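Review bot: The explanation boxes at the end of this hunk do not match the sample /etc/lshell.conf above them, so a reader who copies the config will not get the restrictions the text promises. For raj the text says "/etc and /var" and "su, rm, vm", but the config has path : ['/etc', '/usr'] - ['/usr/local'] and allowed : 'all' - ['su','rm','mv']. His warning counter of 5 comes from [grp:wheel], not from [default], which sets 2, and the intro line spells the user 'rja'. Separately, env_path : ':/usr/bin/usr/local/bin' looks like it is missing the ':' between /usr/bin and /usr/local/bin. The 'all' minus three commands rule for raj also leaves every other command in his PATH available, so it is worth stating that an explicit allowed list is the tighter choice.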
Line 29: Line 114:
  
  
 +----
  
 **Quelle:** https://tecadmin.net/how-to-limit-user-access-with-lshell-limited-shell/# **Quelle:** https://tecadmin.net/how-to-limit-user-access-with-lshell-limited-shell/#
  • Last modified: 2017/11/07 16:36
  • by michael