GitHub - rcoder/menush: Alternate login shell which restricts users to a preset list of commands

This repository has been archived by the owner on Dec 13, 2023. It is now read-only.

rcoder / menush Public archive

Notifications You must be signed in to change notification settings
Fork 1
Star 3

Alternate login shell which restricts users to a preset list of commands

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
README		README
menush.rb		menush.rb

Repository files navigation

menush.rb 

Use in place of a full-featured shell to allow a user access to only
a pre-determined set of commands. Designed for limited access to web
servers, shared systems, or admin/debugging consoles.

Menus are defined in a YAML file containing an array of hashes; each
item in the array will be displayed as an option in the menu, and the
hash should define the 'prompt' and 'path' keys. The 'defaults' key is 
optional, and provides a list of command-line arguments to be passed 
to the command; the 'allow_args' key establishes whether to prompt the
user for additional arguments before launching the command.

Example menu definition:

---
- path: /usr/bin/uptime
  prompt: "Check system uptime"
- path: /bin/cat
  prompt: "Display MOTD"
  defaults: /etc/motd
- path: /bin/uname
  prompt: "Display uname flags"
  allow_args: true
- path: /usr/bin/vim
  prompt: "Edit a file"
  allow_args: true

Once configured, just add menush.rb to the list of valid login shells
in /etc/shells, and then change the user's /etc/passwd entry to use it
in place of bash (or whatever shell they had been using).

See rcoder's blog post for more details:

http://rcoder.net/content/granting-just-enough-power-but-no-more

Depends on the HighLine gem and the Ruby stdlib.