Restricted User Login

AstLinux now supports a restricted login shell /bin/rbash for optional non-root users. The Restricted Shell is a special mode of bash.

Restricted users are allowed access via SSH, the console, and, if enabled, the CLI tab of the web interface.

Note → Neither scp nor sftp is allowed with a restricted user account, though SSH tunneling and SOCKS web proxy do work by default.

Note → If the FTP Server is enabled, by default, restricted user accounts will be allowed unless a custom /mnt/kd/vsftpd.conf is used.

Note: AstLinux 1.2.10 or later is required

Add Restricted User

A restricted user (staff in this example) can be added using the CLI as root, using the command:

adduser -s /bin/rbash staff

Warning → Never change the root user's login shell to /bin/rbash!

Commands Available

A restricted user only has access to the commands in /usr/rbin, and additionally /mnt/kd/rbin if it exists.

An example set of commands is:

arp          df           grep         ifconfig     ls           nslookup     ps           traceroute   uptime
clear        fping        host         iftop        mtr          ping         ss           traceroute6  whoami
date         fping6       htop         ip           netstat      ping6        top          uname        whois

Determine the exact set of commands on your system with the command:

ls /usr/rbin/

Additionally, if this directory exists:

ls /mnt/kd/rbin/
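
The checks described on this page (which accounts use /bin/rbash, that root does not, and which commands the rbin directories expose) can be collected into one audit script. This is an added example, not part of AstLinux; the function names and the "audit" argument are hypothetical, while /bin/rbash, /usr/rbin and /mnt/kd/rbin are taken from the text above.

```shell
#!/bin/sh
# Added example: audit the restricted-login setup described on this page.
# /bin/rbash, /usr/rbin and /mnt/kd/rbin come from the page; the function
# names and the "audit" argument are hypothetical.

# Print login names whose shell is /bin/rbash (passwd file as $1).
restricted_users() {
    awk -F: '$7 == "/bin/rbash" { print $1 }' "${1:-/etc/passwd}"
}

# Succeed only if no UID 0 account uses /bin/rbash as its login shell.
root_shell_ok() {
    ! awk -F: '$3 == 0 && $7 == "/bin/rbash" { bad = 1 } END { exit !bad }' \
        "${1:-/etc/passwd}"
}

# Print the sorted command names a restricted user can run: executables in
# the given directories (default: both rbin directories); missing ones skipped.
restricted_commands() {
    [ $# -gt 0 ] || set -- /usr/rbin /mnt/kd/rbin
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] && basename "$f"
        done
    done | sort -u
}

# Print rbin directories or files that are group- or world-writable. These
# directories define the restricted command set, so only root should write.
writable_entries() {
    [ $# -gt 0 ] || set -- /usr/rbin /mnt/kd/rbin
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print
    done
}

# Run the whole audit only when invoked as: sh rbash-audit.sh audit
if [ "${1:-}" = "audit" ]; then
    echo "Restricted users:";   restricted_users
    echo "Allowed commands:";   restricted_commands
    echo "Writable rbin entries (should be none):"; writable_entries
    root_shell_ok || { echo "ERROR: a UID 0 account uses /bin/rbash" >&2; exit 1; }
fi
```

Run it as root so that every entry in both directories is readable; a non-zero exit status means a UID 0 account has /bin/rbash as its login shell.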