I just searched on this page, but the answer does not meet my idea. My idea is when user called Bob access ssh and run a command, for example sudo apt-get update, then the bash sheell will respond with sudo: command not found. How to make this happen instead of using lsh (limited shell)?
Asked
Active
Viewed 1,251 times
-2
user5254824
- 3
- 2
-
1Why do you want to have it respond `sudo: command not found`. Do you want to control access to privileged operations? If so then you should just configure `sudo` (with `visudo`) to allow/deny it as appropriate. Otherwise you can play games with different users' `$PATH` so that some commands are absent from the `$PATH` for certain users but not others, but then they can always call the commands directly with full pathnames or install their own versions. – Celada Sep 02 '15 at 01:51
-
In short, [what are you really trying to achieve here?](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) – Celada Sep 02 '15 at 01:52
1 Answers
2
Basically, you are talking about a chroot environment, when a user or group meets some usage restrictions by having only specific binaries and configs in their directory root level. It is possible to configure sshd to do that.
/etc/ssh/sshd_config options:
Match user john
ChrootDirectory /var/john/
Put /bin, /etc, /sbin, /usr and other required elements to their chroot directories and here you are.
Take a look at this article, it may help as well.
Tim
- 301
- 1
- 4