Bug#503437: RFP: lshell -- Limited Shell (lshell) provides a limited shell configured to each user
Hello,
I don't know if defending my own piece of software is relevant or not.
But here is a brief answer to your question.
> What's the advantage of lshell compared to rbash[1] ?
To sum it up, I think that lshell is more flexible than rbash.
Here are some of the features it offers:
- restrict users to set of commands
- enable/disable sets of commands over ssh (e.g. scp, sftp, rsync etc.)
- allow user to access a list of allowed path/directories (when
attempting to access to a forbidden, user is warned)
- set a max number of warnings, above which user is kicked out
(action is logged)
- log all users commands
- timing restriction (exits user once timer is out)
- force the scp destination directory
- forbids shell escapes
These options are configurable by user/group.
In rbash, a set of rules are "hardcoded" as, for example, "specifying
command names containing /" or "changing directories with cd",
whereas, in this particular case, lshell allows you to set a list of
allowed path the user/group is allowed to "cd" to.
I hope this answers your question.
As lshell has been update since the RFP, here is the up-to-date information:
* Package name : lshell
Version : 0.9.3
Upstream Author : ghantoos <ghantoos@ghantoos.org>
* URL : http://ghantoos.org/limited-shell-lshell/
* License : GPL
Programming Lang: Python
Description : Limited Shell (lshell) provides a limited shell
configured to each user
Best regards,
Ignace M -ghantoos-
Reply to: