How To Limit User’s Access To The Linux System

13 Responses

  1. Layne Bernardo says:

    This is a very helpful article, and presents a much simpler way of providing the exact functionality I need than a chroot jail. Thanks!

  2. sahil says:

    I would like to allow the user to use the cd command.
    How?

    • sk says:

      It will not allow you to execute “cd” command. So you can’t go anywhere. You can simply stay in the current working directory. If you allow the “cd” command, what is the point of using Restricted Shell? The user can go anywhere and do whatever he wants. There won’t be any restriction.

      Anyway, try the following and let me know if it works.

      Run the following command to allow “cd” command:

      # ln -s /bin/cd /home/ostechnix/bin/cd

      Make sure you have created the “/home/ostechnix/bin” directory. Now, the user will be able to use the “cd” command.

  3. Davey says:

    This is a really helpful article and exactly what I needed in a clear manner and thanks for that. But I have a question, if I wanted to allow users to run certain Python scripts from an alias stored in the /opt/ directory, how would I allow a user to run a command say

    python3 /opt/application/script.py

    or a custom alias for that?

    • sk says:

      Create a “bin” directory inside the home folder of the new user and move the script to the bin directory. Please read the guide carefully. I have mentioned how to allow users to run new commands.

  4. Arvind Kumar says:

    How do I set this for a particular group?

  5. Shozib Javed says:

    Very informative article; helped a lot. Thank you author.

  6. Youssef Kanane says:

    Hi,

    thx for this useful article.

    For Red Hat distributions:

    Modify the PATH variable like below.

    PATH=$PATH:$HOME/bin

    • Youssef Kanane says:

      Sorry, ignore the above about path. It is working fine with PATH=$HOME/bin; it was rather a /home/userx/bin directory permission issue. Thanks again for this intuitive article.

      Actually, I wanted this user to have the right to read some system logs like /var/log/messages, so I have added sudo privileges (/etc/sudoers) to the user group.
      After doing so, the user was no longer restricted to those commands … is there a way to have a root-privileged user with restricted commands?

  7. Michael Motzkus says:

    This is a very nice article … but using rbash (this way) is very dangerous. For two reasons:

    1. The user’s /bin directory is writable. If the user can ssh into the system, he can easily copy other commands from remote to this directory and even preserve their executable privilege (scp -p).

    2. It’s a chroot environment and it is very easy to break out of the rbash, even with such a simple program like vi / vim, which allows the user to change the shell. Allowing Python or other programming languages is even worse, it takes at most a minute to break out of this jail …

    You should be very careful about what programs you allow and know them very well. You should also remove the write privilege to the /bin directory.
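
A check an administrator could run against a restricted user's command directory (such as /home/ostechnix/bin), covering the two points raised in the comment above. This is an added example, not part of the original article or thread; the function names and the perl and ruby entries are assumptions, and it relies on GNU stat and readlink as found on Linux.

```shell
#!/bin/sh
# Audit the command directory of an rbash user.
# Usage: audit_rbash_bin /home/<user>/bin <user>
# Prints one finding per line; exit status 0 means no findings.

# is_risky NAME: true for programs that can start an unrestricted shell.
# vi, vim and python are named in the comment above; perl and ruby are
# assumed further examples of "other programming languages".
is_risky() {
    case $1 in
        vi|vim|vim.*|python|python[0-9]*|perl|ruby) return 0 ;;
        *) return 1 ;;
    esac
}

audit_rbash_bin() {
    dir=$1 user=$2 findings=0

    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # The owner can always restore the write bit, so the restricted user
    # must not own the directory (root ownership is the usual choice).
    if [ "$(stat -c '%U' "$dir")" = "$user" ]; then
        echo "OWNED_BY_USER $dir"; findings=$((findings + 1))
    fi

    # A group or other write bit lets new executables be copied in.
    mode=$(stat -c '%a' "$dir")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $dir mode=$mode"; findings=$((findings + 1))
    fi

    # Check each allowed command by its own name and by its resolved target,
    # so a symlink called "edit" that points at vim is still reported.
    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        target=$(readlink -f "$entry") || target=$entry
        for name in "$(basename "$entry")" "$(basename "$target")"; do
            if is_risky "$name"; then
                echo "SHELL_ESCAPE $entry ($name)"; findings=$((findings + 1))
                break
            fi
        done
    done

    [ "$findings" -eq 0 ]
}
```
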
