List of allowed commands to run

perret.yannick perret.yannick at free.fr
Sat May 19 08:23:29 EST 2007


Peter Stuge wrote:
> On Sat, May 19, 2007 at 12:00:30AM +0200, perret.yannick wrote:
>> In this case we should use the ForceCommand to set the restricted
>> shell, right?
>
> No, you configure the restricted shell for the user.
>
> sshd calls the user's shell any time it shall execute something.
>
> The user's shell does the validation.
>
> Needless to say (I will anyway to make sure) the user must not be
> allowed to change the shell with such a configuration.
Ok. So this is not a solution for us.
Users are defined through AFS and the associated NIS table, and shells
cannot be defined locally (too many users, changing too often).
The restrictions we want to set are for a subset of machines that do have
AFS but on which "basic" users are not allowed to log on (but of course
other users can log on, using AFS).
We are trying to allow them to use a subset of commands, and they must
use their own account (for unix and AFS restriction) for that.


Regards,
--
Yannick Perret
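
An added example, not part of the original thread: a sketch of the ForceCommand approach asked about in the quoted text, where a wrapper checks the client's requested command (`SSH_ORIGINAL_COMMAND`) against an allow-list. The group name, wrapper path and command list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ForceCommand wrapper that allow-lists SSH_ORIGINAL_COMMAND.
# Hypothetical sshd_config entry, set only on the restricted machines
# (group name and wrapper path are assumptions):
#   Match Group basicusers
#       ForceCommand /usr/local/sbin/allowed-cmd
# sshd still starts this wrapper through the user's own shell, so the
# shell entry coming from NIS is left unchanged.

# Constructed allow-list: one exact command line per entry.
ALLOWED='/usr/bin/uptime
/usr/bin/klist
/usr/bin/quota -v'

# is_allowed CMD: return 0 only if CMD is byte-for-byte one allow-list entry.
# Exact comparison means "entry; something-else" or extra arguments never match.
is_allowed() {
    [ -n "$1" ] || return 1        # empty = interactive login request: deny
    while IFS= read -r entry; do
        if [ "$1" = "$entry" ]; then
            return 0
        fi
    done <<EOF
$ALLOWED
EOF
    return 1
}

# run_forced: hand over to the requested command, or log and refuse.
run_forced() {
    if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        # The string equals a fixed entry from ALLOWED, so splitting it on
        # whitespace (with globbing off) yields only the intended words.
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -p auth.notice -t allowed-cmd \
        "denied for $(id -un): ${SSH_ORIGINAL_COMMAND:-<interactive>}"
    echo "This command is not permitted on this host." >&2
    exit 1
}

# Only act when started by sshd, which sets SSH_CONNECTION for the session.
[ -z "${SSH_CONNECTION:-}" ] || run_forced
```

Because sshd starts the wrapper through the user's shell, any start-up file that shell reads and the user can write is processed before the wrapper runs, so those files need to be controlled as well.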



More information about the openssh-unix-dev mailing list