ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
GNU General Public License v3.0

Unable to allow one-liners that contain pipe character #163

Open hendralinux opened 7 years ago

hendralinux commented 7 years ago

I'm planning to use lshell to restrict the netdump user in RHEL 7. When setting up kdump, the kdumpctl propagate will execute the following command:

exec sh -c 'umask 077; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1; if type restorecon >/dev/null 2>&1; then restorecon -F .ssh .ssh/authorized_keys; fi'"

and it failed with the "*** forbidden char/command over SSH:" error, even after allowing everything used by that command in lshell.conf.

Any suggestion on how to make this work?

acataluddi commented 7 years ago

Hello @hendrahendra, in the lshell configuration you can disable some characters, as in the following example:

[default]
allowed         : ['ls','pwd']
forbidden       : [';', '&', '|'] 

Could it be that you restricted the pipe | char in your /etc/lshell.conf?

Regards, Adriano
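
To check the suggestion above against the command from the report, the following added example (not lshell's code and not written by either commenter) lists which shell constructs in that command contain each character of a `forbidden` list. It matches plain substrings, which is an assumption and may differ from how lshell itself evaluates `forbidden`; `forbidden_hits`, `OPERATOR` and `KDUMP_CMD` are names made up for this example.

```python
import re

# Shell operators worth naming in the report; longer forms are tried first.
OPERATOR = re.compile(r"\d?>&\d|&&|\|\||>>|[;&|<>]")

# The inner sh -c script quoted in the issue.
KDUMP_CMD = (
    "umask 077; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1; "
    "if type restorecon >/dev/null 2>&1; then restorecon -F .ssh "
    ".ssh/authorized_keys; fi"
)


def forbidden_hits(command, forbidden):
    """Map each forbidden item to the shell constructs in `command` containing it."""
    tokens = [(m.start(), m.end(), m.group()) for m in OPERATOR.finditer(command)]
    report = {}
    for item in forbidden:
        found = {}  # construct start offset -> text; deduplicates '&&' and '||'
        pos = command.find(item)
        while pos != -1:
            for start, end, text in tokens:
                if start <= pos < end:
                    found[start] = text
                    break
            else:
                found[pos] = item  # hit outside any recognised operator
            pos = command.find(item, pos + 1)
        report[item] = [found[k] for k in sorted(found)]
    return report


if __name__ == "__main__":
    # Forbidden list taken from the configuration example in the comment above.
    for item, constructs in forbidden_hits(KDUMP_CMD, [";", "&", "|"]).items():
        print(f"{item!r}: {constructs}")
```

Under this substring model the command contains no pipeline at all: `|` appears only inside `||`, and `&` only inside `&&` and `2>&1`, so allowing the individual commands does not remove the match.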