Creating a Custom OpenSSH Shell on Linux

linux, shell, ssh, Ubuntu

The environment is Ubuntu Server 12.04

I would like to create a user on a server that is only able to ssh into a shell that runs tail -f on a log file and closes the session once the program ends (ctrl+c).

Is there a way to achieve this?

Best Answer

To be pedantic, it won't be ctrl+c, but SIGHUP (closer to ctrl+d) that kills the app.

You can put essentially whatever you want in the user's shell in /etc/passwd. Simply replace the default on the user's passwd line (probably /bin/bash) with another program. That program can be a script, such as /usr/bin/tail_log_file, with these contents, owned by root:root, with mode 0755:

#!/bin/rbash
tail -f /path/to/logfile

You can use some interpreter other than rbash, but it is advisable to use a restricted shell in such cases.

To be extremely pedantic about it, you should add the script's path to /etc/shells, but I usually find it works anyway.

Keep in mind also that the user could potentially put the script in the background, or use some options (ssh username@host bash) and still acquire a shell. If you want to restrict the user in such ways, good filesystem permissions are the only real solution.
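A way to audit the setup this answer describes (passwd entry, root ownership and mode of the script, /etc/shells listing, rbash interpreter), added here as an example and not part of the original answer. The user name logview and the optional file and uid arguments are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the restricted login-shell setup described in the answer.
# Usage: audit_login_shell USER SCRIPT [PASSWD_FILE] [SHELLS_FILE] [OWNER_UID]
# The last three arguments are assumptions of this example so the check can
# be pointed at test copies; they default to the real files and to root (0).
audit_login_shell() {
    user=$1; script=$2
    passwd=${3:-/etc/passwd}; shells=${4:-/etc/shells}; want_uid=${5:-0}
    rc=0

    # 1. Field 7 of the user's passwd line must be the script.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    if [ "$shell" != "$script" ]; then
        echo "FAIL: shell for $user is '${shell:-none}', expected $script"; rc=1
    fi

    if [ ! -f "$script" ]; then
        echo "FAIL: $script does not exist"; return 1
    fi

    # 2. Ownership and mode (GNU stat, as on Ubuntu): the restricted user must
    #    not be able to rewrite the program that confines them.
    owner=$(stat -c %u "$script"); mode=$(stat -c %a "$script")
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $script is owned by uid $owner, expected $want_uid"; rc=1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $script is group- or world-writable (mode $mode)"; rc=1
    fi
    if [ $(( 0$mode & 005 )) -ne 5 ]; then
        echo "FAIL: $script is not readable and executable by others (mode $mode)"; rc=1
    fi

    # 3. The script should be listed in the shells file.
    if ! grep -Fxq -- "$script" "$shells"; then
        echo "FAIL: $script is not listed in $shells"; rc=1
    fi

    # 4. Advisory only: the answer recommends a restricted interpreter.
    case $(head -n 1 "$script") in
        '#!'*rbash*) ;;
        *) echo "WARN: $script does not start with an rbash shebang" ;;
    esac
    return $rc
}

# Run the audit when called with arguments, e.g. (logview is a hypothetical user):
#   sh audit.sh logview /usr/bin/tail_log_file
if [ $# -ge 2 ]; then audit_login_shell "$@"; fi
```

The function returns 0 only when every FAIL check passes; the rbash check prints a warning without changing the result.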
