0

I am bundling my application binaries with ubutu. Now, when system loads and user logs in, I want user to execute only commands related to my application and 'ls', 'cd', or any other linux commands should not be available to execute.

Is there any simple solution to implement this?

Alpesh
  • 3
  • 3
  • 1
    Look into `rbash` – wjandrea Jan 10 '18 at 00:25
  • 1
    @WJAndrea - no it is too easy to break out of rbash. At the endo of the day, IMO, you have to restrict the user with apparmor. See https://askubuntu.com/questions/144211/restricting-ssh-users-to-certain-access-permissions and https://blog.cryptomilk.org/2011/09/02/jailbash/ . The apparmor profile is fairly easy to maintain, but you have to allow all the libs your application needs. – Panther Jan 10 '18 at 05:57
  • Unless you write your own limited shell, you're out of luck. – waltinator Jan 10 '18 at 15:20

0 Answers0