Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Restricted User Login ====== AstLinux now supports a restricted login shell ''/bin/rbash'' for optional non-root users. The [[https://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html|Restricted Shell]] is a special mode of ''bash''. Restricted users are allowed access via SSH, the console, and if enabled the CLI tab of the web interface. !!Note ->!! Neither ''scp'' or ''sftp'' are allowed with a restricted user account, though SSH tunneling and SOCKS web proxy does work by default. !!Note ->!! If the FTP Server is enabled, by default, restricted user accounts will be allowed unless a custom ''/mnt/kd/vsftpd.conf'' is used. \\ !!Note: AstLinux 1.2.10 or later is required!! ===== Add Restricted User ===== A restricted user (''staff'' in this example) can be added using the CLI as ''root'', using the command: adduser -s /bin/rbash staff \\ !!Warning ->!! Never change the ''root'' user's login shell to ''/bin/rbash'' ! ===== Commands Available ===== A restricted user only has access to the commands in ''/usr/rbin'', and additionally ''/mnt/kd/rbin'' if it exists. An example set of command are: arp df grep ifconfig ls nslookup ps traceroute uptime clear fping host iftop mtr ping ss traceroute6 whoami date fping6 htop ip netstat ping6 top uname whois Determine the exact set of commands on your system with the command: ls /usr/rbin/ Additionally, if this directory exists: ls /mnt/kd/rbin/ userdoc/tt_restricted_user_login.txt Last modified: 2017/02/19 16:20by abelbeck