You are not logged in.
- Topics: Active | Unanswered
#1 2015-12-08 23:43:33
- superllama
- Member
- Registered: 2014-06-19
- Posts: 6
SSH-based wizards with special user and ~/.profile script?
I'm working on a minimalist server that's only supposed to be able to do a few things. Naturally, I turned to Arch as my favorite install-what-you-want Linux distro, which I've had a great time with on my personal machines so far.
My question is, is it possible to limit the options of a specific SSH-enabled user so much that they can only choose certain options in a shell-based wizard that asks them to enter numbers or values, then automatically kick them back out when they've done what they need to do? If I created a ~/.profile script for the user (and made sure no alternative shells were installed that could circumvent it if they specified a different shell in SSH), which asked them the questions and did what needs to be done, then exits at the end, would that be something that could easily be broken out of, or is that actually more or less secure? I'm imagining having a "configure" user with a special password, that can only configure settings on the server via the scripted wizard and nothing else. I may still do it for simplifying administrative tasks since my co-workers are not linux experienced and I don't want to have to do everything myself, but it'd be nice to know if it's easy to escape from in case I ever decide to use the technique for something more publicly accessible.
I've googled quite a bit and haven't found anyone else trying to do this particular thing so I thought I'd ask here. I apologize in advance if this is a stupid question or wouldn't even function how I expect, I haven't had the chance to try it out yet and see if it works because of other projects with closer deadlines, but I'd like to get some feedback on this so I can know if I need to research other alternatives going forward.
Thanks!
Last edited by superllama (2015-12-08 23:44:34)
Offline
#2 2015-12-08 23:56:51
- jasonwryan
- Anarchist
- From: .nz
- Registered: 2009-05-09
- Posts: 30,426
- Website
Re: SSH-based wizards with special user and ~/.profile script?
Offline
#3 2015-12-09 14:28:30
- superllama
- Member
- Registered: 2014-06-19
- Posts: 6
Re: SSH-based wizards with special user and ~/.profile script?
That's not quite what I'm asking-- I'm not wanting the user to ever be presented with a shell at all, only run a preset script and then be kicked again. It's for people who are command-line-averse and would prefer to just answer questions one after the other and then quit without having to know any commands, like what happens after you enter "n" to fdisk and it asks you questions about the partition you want to create. Thanks for the link though, I'll check that out as an alternative if what I'm wanting to do turns out not to work.
Offline
#4 2015-12-09 14:34:04
- Awebb
- Member
- Registered: 2010-05-06
- Posts: 6,688
Re: SSH-based wizards with special user and ~/.profile script?
In the useradd manpage, read what --shell does.
Offline