Restrict shell commands… here is a solution to the problem.
Restrict shell commands
I created a username with a
bash shell – a normal shell with all commands available – but I intend to use this shell for backup services, it should only allow rsync
commands. So I’m trying to restrict this shell to only executing rsync
commands. How do I do this using .bash_profile
and .bashrc
?
Additional information: This shell is used only to back up files and folders. I used ssh
key to connect another shell to rsync
.
Solution
You can’t
– you can’t just use those files. Why not give them another shell with fewer options?
rssh is designed for this purpose.
Advantages of RSSH over authorized_keys limit (not all of them apply to or interest you):
- Can be used to control multiple users
- Restrictions are applied externally rather than from the user’s personal configuration – fewer opportunities for error allow them greater access
- Make it easier for chrooting users
- RSSH is not a generic shell, so even if misconfigured, the scope available to the user is much smaller than when bash + authorized_keys is misconfigured.