There are several approaches you can take to achieve this. Here are a few options:
Use the bash shell's built-in restricted mode: You can start a user's shell in restricted mode by running bash -r or rbash. This will prevent the user from executing most commands, including changing directories, setting environment variables, and running commands with /bin/sh. However, the user will still be able to run commands that are built into the bash shell, such as cd, echo, and exit.
Use the bash shell's alias command: You can use the alias command to define custom commands that the user is allowed to run. For example, you could create an alias for ssh like this:
alias ssh='/usr/bin/ssh'
This will allow the user to run the ssh command, but they will not be able to run any other commands.
Use the bash shell's command built-in: The command built-in allows you to run a command as if it were being run from the command line, rather than being run as a function or built-in. You can use this to allow the user to run specific commands, while still preventing them from running other commands. For example:
command ssh
This will allow the user to run the ssh command, but they will not be able to run any other commands.
Use the bash shell's enable built-in: The enable built-in allows you to enable or disable specific shell built-ins or commands. You can use this to allow the user to run specific commands, while still preventing them from running other commands. For example:
enable -n ssh
This will disable the ssh command, so the user will not be able to run it.
Use the bash shell's export command: You can use the export command to set environment variables that the user is not allowed to change. For example:
export PATH=/usr/bin:/usr/sbin
This will set the user's PATH environment variable to only include the /usr/bin and /usr/sbin directories, so they will only be able to run commands that are located in those directories.
Use a custom shell: You can create a custom shell that only allows the user to run specific commands. For example, you could create a shell script called ssh-only that looks like this:
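#!/bin/bash
# Check if the first argument is "ssh"
if [ "$1" == "ssh" ]; then
    # If it is, drop the leading "ssh" so it is not passed on as the hostname,
    # then run the ssh command with the remaining arguments
    shift
    /usr/bin/ssh "$@"
else
    # If it's not, print an error message and exit with a failure status
    echo "Command not allowed" >&2
    exit 1
fi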
Then, set the user's shell to /path/to/ssh-only using the chsh command. This will allow the user to run the ssh command, but they will not be able to run any other commands.
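To check what the restricted-mode and PATH options above actually permit when combined, the following added example (not part of the original answer) runs single command lines through `bash -r` with a PATH that holds one symlink. The helper names `make_jail`, `jail_run`, `probe` and `jail_demo` are hypothetical, and `ls` stands in for ssh so the probe runs on a machine without an ssh client.

```shell
#!/bin/sh
# Added example: probe what bash restricted mode plus a one-directory PATH permits.
BASH_BIN=$(command -v bash)   # absolute path, because the jail PATH will not contain bash

# make_jail DIR ABS_PATH...: create DIR holding only symlinks to the allowed binaries.
make_jail() {
    jail=$1; shift
    mkdir -p "$jail" || return 1
    for bin in "$@"; do
        ln -sf "$bin" "$jail/$(basename "$bin")" || return 1
    done
}

# jail_run DIR 'command line': run one command line in restricted bash with PATH=DIR.
# env -i drops SHELL, ENV and BASH_ENV; --noprofile/--norc skip startup files.
# Returns the restricted shell's exit status; output is discarded.
jail_run() {
    env -i PATH="$1" "$BASH_BIN" --noprofile --norc -r -c "$2" >/dev/null 2>&1
}

# probe DIR LABEL 'command line': report whether the restricted shell allowed it.
probe() {
    if jail_run "$1" "$3"; then echo "ALLOWED  $2"; else echo "BLOCKED  $2"; fi
}

# Constructed demo: ls stands in for the single permitted command (ssh on this page).
jail_demo() {
    d=$(mktemp -d) || return 1
    make_jail "$d/bin" "$(command -v ls)" || return 1
    probe "$d/bin" "symlinked command (ls)"   'ls /'
    probe "$d/bin" "shell builtin (echo)"     'echo hi'
    probe "$d/bin" "command outside the jail" 'uname'
    probe "$d/bin" "command name with slash"  '/bin/ls'
    probe "$d/bin" "cd"                       'cd /'
    probe "$d/bin" "PATH reassignment"        'PATH=/usr/bin:/bin'
    probe "$d/bin" "output redirection"       'echo x > probe.out'
    rm -rf "$d"
}

jail_demo
```

The first two probes are allowed and the remaining five are blocked, so the restriction comes from restricted mode and the contents of the PATH directory together, and shell built-ins stay reachable either way.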