Hi all,
Is there any way to create linux user with access only one defined command? For example, I want new user has access only to ls command.
You could edit the user's personal profile (which on depends on the shell you assign) and trap them in a script. You could then prompt them for what they want to list and do just that, returning to your prompt. The only other option would be a quit where you would code a logout.
Does that theory meet your needs?
Robin
Did you consider a "restricted shell" (c.f. man bash: -r option)?
Not sure if you could place that command in field 7 (optional user command interpreter) of the /etc/passwd file in lieu of the usual shell?
You can put rbash in /etc/passwd instead of bash -r for this reason.
I agree that more explanation of the purpose behind this would be good.
chroot and FreeBDD jail(8) comes to mind here, although they will then have little to list in the jail unless you mount the folders of interest.
Perhaps you could write a script that prompts for the directory and does ls for them then set this as their .profile:
#!/bin/sh
trap "" 1 2 3 15
while true
do
printf "\nEnter directory to list (\"exit\" when done): "
read dir
[ "$dir" = "exit" ] && exit
ls -l "${dir}" | more
done
Or you could make a user whose shell is /bin/ls... and their home directory is the directory they're allowed to ls.
Thanks to all for the replies.
Was out for a week, thats why didn't respond in time.
Sorry for that.
Actually, what I need is to create user with access only to one special command :
ldapsearch (with parameters)
....and to the scripts which in user's home directory. That's all. No other commands should be available.
Which is most "normal" way to achieve it?
Problem has been solved.
New shell was created with access to necessary commands.
Thanks for helping.