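rbash (restricted bash) is, as the name says, a restricted bash, and it works quite well on a relay server.
rbash is supported on Debian and Red Hat. rbash is just a symbolic link to bash. Apart from the restrictions listed here, it behaves the same as bash.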
* changing directories with cd
* setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
* specifying command names containing /
* specifying a file name containing a / as an argument to the . builtin command
* specifying a filename containing a slash as an argument to the -p option to the hash builtin command
* importing function definitions from the shell environment at startup
* parsing the value of SHELLOPTS from the shell environment at startup
* redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
* using the exec builtin command to replace the shell with another command
* adding or deleting builtin commands with the -f and -d options to the enable builtin command
* using the enable builtin command to enable disabled shell builtins
* specifying the -p option to the command builtin command
* turning off restricted mode with set +r or set +o restricted
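These properties can be used on a relay server to stop users from running other commands.
Goal: the user can only use the ssh command; no other command (shell builtins excepted) is available.
Procedure: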
    ln -s /bin/bash /bin/rbash
    adduser test -s /bin/rbash -d /home

Copy any user's .bashrc into /home. Drop the system default $PATH definition and define your own $PATH:

    echo "export PATH=/home/rbin" >> /home/.bash_profile
    mkdir /home/rbin
    chown -R root:root /home/.bashrc /home/.bash_profile
    chmod 644 /home/.bash_profile /home/.bashrc

To let the user run the ssh command, add a symlink; other commands are handled the same way:

    ln -s /usr/bin/ssh /home/rbin/ssh
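As an added example (not part of the original post), this shell function audits the layout the procedure above builds: startup files and directories that the restricted user cannot modify, a PATH pinned to the rbin directory, and nothing in rbin beyond an allowlist. The function name `audit_rbash` and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a restricted-shell home laid out as in the procedure above.
# audit_rbash HOME_DIR OWNER ALLOWED_CMD...   (audit_rbash is a hypothetical name)
# Prints one line per finding; exit status is the number of findings (0 = clean).
# Usage on the host from the procedure: audit_rbash /home root ssh
audit_rbash() {
    home=$1; owner=$2; shift 2
    rbin=$home/rbin
    findings=0
    report() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

    # bash enforces the restrictions only after the startup files are read, so
    # those files, and the directories holding them and the commands, must be
    # owned by OWNER (root on a real host) and not group- or world-writable.
    for f in "$home" "$home/.bash_profile" "$home/.bashrc" "$rbin"; do
        if [ ! -e "$f" ]; then report "$f is missing"; continue; fi
        if [ -z "$(find "$f" -prune -user "$owner")" ]; then
            report "$f is not owned by $owner"
        fi
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            report "$f is group- or world-writable"
        fi
    done

    # The profile must pin PATH to the command directory, as the procedure does.
    if ! grep -qxF "export PATH=$rbin" "$home/.bash_profile" 2>/dev/null; then
        report "$home/.bash_profile does not contain: export PATH=$rbin"
    fi

    # Every entry in rbin (hidden ones included) must be on the allowlist.
    for entry in "$rbin"/* "$rbin"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        ok=no
        for allowed in "$@"; do
            if [ "$allowed" = "$name" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then report "unexpected command in $rbin: $name"; fi
    done
    return "$findings"
}
```

Run it as root after any change to /home/rbin; each symlink added there widens what the restricted account can execute.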