The environment is Ubuntu Server 12.04
I would like to create a user on a server that is only able to ssh into a shell that runs tail -f on a log file and closes the session once the program ends (ctrl+c).
Is there a way to achieve this?
linuxshellsshUbuntu
The environment is Ubuntu Server 12.04
I would like to create a user on a server that is only able to ssh into a shell that runs tail -f on a log file and closes the session once the program ends (ctrl+c).
Is there a way to achieve this?
Best Answer
To be pedantic, it won't be ctrl+c, but
SIGHUP
(closer to ctrl+d) that kills the app.You can put essentially whatever you want in the user's shell in
/etc/passwd
. Simply replace the default on the user's passwd line (probably/bin/bash
) with another program. That program can be a script, such as/usr/bin/tail_log_file
, with these contents, owned by root:root, with umode 0755:You can use some interpreter other than rbash, but it is advisable to use a restricted shell in such cases.
To be extremely pedantic about it, you should add the script's path to
/etc/shells
, but I usually find it works anyway.Keep in mind also that the user could potentially put the script in the background, or use some options (
ssh username@host bash
) and still acquire a shell. If you want to restrict the user in such ways, good filesystem permissions are the only real solution.