  • Linux Restricted Shell


    The idea of a restricted shell first arose in the Unix operating system as a way to prevent the end user from performing as many operations as a normal shell allows. A restricted shell lets the administrator control the end user's computing environment by permitting only explicitly allowed commands. The Linux restricted shell (rssh) is similar, but only a minimal command set is enabled for the end user. When installed, the default configuration removes all access and capabilities until the admin modifies the configuration file. In the past, if no configuration file was included with the rssh installation, SCP would be enabled by default for all users. This was changed recently, and no end user has any access until the configuration file is created.

    What Commands Must Be Enabled in RSSH?

    At a minimum, one of the following commands must be made available to the end-user in rssh:

    Backup utility – rdist

    Concurrent Versions System (CVS) – cvs

    Secure copy – scp

    Secure FTP – sftp

    Sync filesystem – rsync

    How Do I Install rssh?

    There are essentially three ways to install rssh; which one applies depends on the Linux distribution being used.

    Fedora – rssh is available through yum. The command to enter for installation is:

    yum install rssh

    Debian – Available through apt-get. The command to install is:

    apt-get install rssh

    Other Linux distributions – Download from dragonToe.org/rssh.

    How to Modify the rssh Configuration File

    Step 1 – Locate the rssh configuration file at “/etc/rssh.conf”.

    Step 2 – Modify the file to permit SFTP on the server by removing the comment marker from the “allowsftp” line. If the file has no such line, add it at the top of the file.

    Step 3 – Add at least one user (e.g. mike) with rssh as the login shell by running the following command:

    useradd -m -d /home/mike -s /usr/bin/rssh mike

    Step 4 – Alternatively, for an existing user, use the usermod command to assign rssh as the user's shell:

    usermod -s /usr/bin/rssh mike

    Step 5 – Save the configuration file; rssh will then provide the targeted capability(ies) to the end-users set up above.
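
    To check the result of the steps above, the following added example (not part of the original page or of the rssh project) reports which allow* directives are active in an rssh.conf and which accounts have rssh as their login shell, and flags the case where rssh users exist but nothing is enabled. The function names, the temporary directory and both sample files are assumptions constructed for the example; the allowscp, allowcvs, allowrdist and allowrsync keywords are the rssh.conf counterparts of the commands listed earlier.

```shell
#!/bin/sh
# Added example: audit an rssh setup. Function names are hypothetical.

# Print every allow* directive that is active (not commented out) in rssh.conf.
rssh_enabled_protocols() {
    # $1 = path to rssh.conf
    sed -e 's/#.*//' "$1" |
        awk '$1 ~ /^allow(scp|sftp|cvs|rdist|rsync)$/ { print $1 }' | sort -u
}

# Print the login names whose shell (7th passwd field) is rssh.
rssh_users() {
    # $1 = path to a passwd-format file
    awk -F: '$7 ~ /(^|\/)rssh$/ { print $1 }' "$1"
}

# Return 1 when accounts use rssh but no protocol is enabled, i.e. the
# default deny-all state described above; return 0 otherwise.
rssh_audit() {
    protocols=$(rssh_enabled_protocols "$1")
    users=$(rssh_users "$2")
    if [ -n "$users" ] && [ -z "$protocols" ]; then
        echo "rssh users with no enabled protocol (all access denied):" $users
        return 1
    fi
    echo "enabled directives:" ${protocols:-none}
    echo "rssh users:" ${users:-none}
    return 0
}

# Constructed sample input; on a real host pass /etc/rssh.conf and /etc/passwd.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/rssh.conf" <<'EOF'
# constructed sample configuration
logfacility = LOG_USER
allowsftp
#allowscp
#allowrsync
EOF
cat > "$DEMO_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mike:x:1001:1001::/home/mike:/usr/bin/rssh
EOF
rssh_audit "$DEMO_DIR/rssh.conf" "$DEMO_DIR/passwd"
```

    A non-zero exit status from rssh_audit means the accounts assigned to rssh cannot use any of the transfer commands yet.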
