Change the login-shell for the users from bash to rbash (resp. bash -r or bash --restricted), and set their PATH-variable according, so that they can only execute certain commands. This will run bash in restricted mode.
from man bash:
Quote:
6.10 The Restricted Shell
If Bash is started with the name rbash, or the `--restricted' or `-r' option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. A restricted shell behaves identically to bash with the exception that the following are disallowed or not performed:
* Changing directories with the cd builtin.
* Setting or unsetting the values of the SHELL, PATH, ENV, or BASH_ENV variables.
* Specifying command names containing slashes.
* Specifying a filename containing a slash as an argument to the . builtin command.
* Specifying a filename containing a slash as an argument to the `-p' option to the hash builtin command.
* Importing function definitions from the shell environment at startup.
* Parsing the value of SHELLOPTS from the shell environment at startup.
* Redirecting output using the `>', `>|', `<>', `>&', `&>', and `>>' redirection operators.
* Using the exec builtin to replace the shell with another command.
* Adding or deleting builtin commands with the `-f' and `-d' options to the enable builtin.
* Using the enable builtin command to enable disabled shell builtins.
* Specifying the `-p' option to the command builtin.
* Turning off restricted mode with `set +r' or `set +o restricted'.
These restrictions are enforced after any startup files are read.
When a command that is found to be a shell script is executed (see section 3.8 Shell Scripts), rbash turns off any restrictions in the shell spawned to execute the script.
[/b]
|
If you want even more control, you can substitute the login-shell by a completely different program, that e.g. presents a menu and lets the user only select from certain programs.
02-Aug-2007, 04:46
Linear Mode
