Restricted User Login
AstLinux now supports a restricted login shell /bin/rbash
for optional non-root users. The Restricted Shell is a special mode of bash
.
Restricted users are allowed access via SSH, the console, and if enabled the CLI tab of the web interface.
Note -> Neither scp
or sftp
are allowed with a restricted user account, though SSH tunneling and SOCKS web proxy does work by default.
Note -> If the FTP Server is enabled, by default, restricted user accounts will be allowed unless a custom /mnt/kd/vsftpd.conf
is used.
Note: AstLinux 1.2.10 or later is required
Add Restricted User
A restricted user (staff
in this example) can be added using the CLI as root
, using the command:
adduser -s /bin/rbash staff
Warning -> Never change the root
user's login shell to /bin/rbash
!
Commands Available
A restricted user only has access to the commands in /usr/rbin
, and additionally /mnt/kd/rbin
if it exists.
An example set of command are:
arp df grep ifconfig ls nslookup ps traceroute uptime clear fping host iftop mtr ping ss traceroute6 whoami date fping6 htop ip netstat ping6 top uname whois
Determine the exact set of commands on your system with the command:
ls /usr/rbin/
Additionally, if this directory exists:
ls /mnt/kd/rbin/