Skip to content

Use Case

Jump to bottom Edit New page
ghantoos edited this page Oct 8, 2014 · 1 revision

The primary goal of lshell, was to be able to create shell accounts with ssh access and restrict their environment to a couple a needed commands. In this example, User 'bla' and user 'blu' both belong to the 'users' UNIX group:

User bla

  • must be able to access /usr and /var but not /usr/local
  • user all command in his PATH but 'su'
  • has a warning counter set to 5
  • has his home path set to '/home/users'

User blu

  • must be able to access /etc and /usr but not /usr/local
  • is allowed default commands plus 'ping' minus 'ls'
  • strictness is set to 1 (meaning he is not allowed to type an unknown command)

lshell.conf

In this case, my configuration file will look something like this:

# CONFIGURATION START
[global]
logpath         : /var/log/lshell/
loglevel        : 2
logfilename     : %y%m%d-%u

[default]
allowed         : ['ls','pwd']
forbidden       : [';', '&', '|']
warning_counter : 2
timer           : 0
path            : ['/etc', '/usr']
env_path        : ':/sbin:/usr/bla'
scp             : 1 # or 0
sftp            : 1 # or 0
overssh         : ['rsync','ls']
aliases         : {'ls':'ls --color=auto','ll':'ls -l'}

[grp:users]
warning_counter : 5
overssh         : - ['ls']

[bla]
allowed         : 'all' - ['su']
path            : ['/var', '/usr'] - ['/usr/local']
home_path       : '/home/users'

[blu]
allowed         : + ['ping'] - ['ls']
path            : - ['/usr/local']
strict          : 1
scpforce        : '/home/blu/uploads/'
# CONFIURATION END
Add a custom footer
Add a custom sidebar
Clone this wiki locally