userdoc:tt_restricted_user_login

Differences

This shows you the differences between two versions of the page.

userdoc:tt_restricted_user_login [2017/02/17 11:52]
abelbeck [Add Restricted User]
userdoc:tt_restricted_user_login [2017/02/19 16:20] (current)
abelbeck [Restricted User Login]
Line 3: Line 3:
 AstLinux now supports a restricted login shell ''/bin/rbash'' for optional non-root users.  The [[https://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html|Restricted Shell]] is a special mode of ''bash''. AstLinux now supports a restricted login shell ''/bin/rbash'' for optional non-root users.  The [[https://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html|Restricted Shell]] is a special mode of ''bash''.
  
 +Restricted users are allowed access via SSH, the console, and if enabled the CLI tab of the web interface.
 +
 +!!Note ->!! Neither ''scp'' or ''sftp'' are allowed with a restricted user account, though SSH tunneling and SOCKS web proxy does work by default.
 +
 +!!Note ->!! If the FTP Server is enabled, by default, restricted user accounts will be allowed unless a custom ''/mnt/kd/vsftpd.conf'' is used.
 +
 +\\
 !!Note: AstLinux 1.2.10 or later is required!! !!Note: AstLinux 1.2.10 or later is required!!
 ===== Add Restricted User ===== ===== Add Restricted User =====
  
-A restricted user (''staff'' in this example) can be added using the CLI when logged in as ''root'', using the command:+A restricted user (''staff'' in this example) can be added using the CLI as ''root'', using the command:
  
   adduser -s /bin/rbash staff   adduser -s /bin/rbash staff
 \\ \\
 !!Warning ->!! Never change the ''root'' user's login shell to ''/bin/rbash'' ! !!Warning ->!! Never change the ''root'' user's login shell to ''/bin/rbash'' !
 +
 ===== Commands Available ===== ===== Commands Available =====
  
-A restricted user only has access to the commands in ''/usr/rbin/'', and additionally ''/mnt/kd/rbin'' if it exists.+A restricted user only has access to the commands in ''/usr/rbin'', and additionally ''/mnt/kd/rbin'' if it exists.
  
 An example set of command are: An example set of command are:
  
-  arp          df           host         iftop        mtr          ping         pwd          traceroute   uptime +  arp          df           grep         ifconfig     ls           nslookup     ps           traceroute   uptime 
-  clear        fping        htop         ip           netstat      ping6        ss           traceroute6  whoami +  clear        fping        host         iftop        mtr          ping         ss           traceroute6  whoami 
-  date         fping6       ifconfig     ls           nslookup     ps           top          uname        whois+  date         fping6       htop         ip           netstat      ping6        top          uname        whois
  
 Determine the exact set of commands on your system with the command: Determine the exact set of commands on your system with the command:
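Review bot: The two added notes at the top of this hunk say that SSH tunneling, the SOCKS proxy and FTP access are all permitted "by default" for a restricted account, but neither note says how to turn them off. Since the page is about limiting what these users can do, state the setting that disables each one, or link to the page that does, and for FTP say what a custom ''/mnt/kd/vsftpd.conf'' has to contain to exclude restricted users. In the same notes, "Neither ''scp'' or ''sftp'' are allowed" should read "Neither ''scp'' nor ''sftp'' is allowed", and "does work" should be "do work". The revised command list adds ''grep'' and drops ''pwd'' with no mention in the text; a line explaining the change would help anyone comparing against an older install. The unchanged context line "An example set of command are:" could be fixed to "commands" while this section is being edited.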
Line 25: Line 33:
   ls /usr/rbin/   ls /usr/rbin/
  
 +Additionally, if this directory exists:
 +
 +  ls /mnt/kd/rbin/
 +  
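Review bot: The added "Additionally, if this directory exists:" step tells the reader to list ''/mnt/kd/rbin/'' but the page never says who creates that directory or what belongs in it. Because the earlier section states that everything in ''/mnt/kd/rbin'' becomes available to restricted users, add a sentence saying that it is populated by the administrator and that each entry should be reviewed before it is placed there, since a shell, interpreter or editor with a shell escape in that directory would undo the restriction. The final added line contains only trailing whitespace and can be dropped.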
  • userdoc/tt_restricted_user_login.1487353927.txt.gz
  • Last modified: 2017/02/17 11:52
  • by abelbeck