only allow a command with parameters

ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.

GNU General Public License v3.0

435 stars 112 forks source link

only allow a command with parameters #168

Open dt-flo opened 7 years ago

dt-flo commented 7 years ago

Hey,

This topic sounds a little bit weird, but i think the idea behind that is appropriate. Currently when i use the following in my config: allowed : ['telnet'] the command "telnet" works without any problems. But now i want telnet to be restricted only to connect to localhost which can be done by "telnet localhost". So i tried to add "telnet localhost" to the only allowed command: allowed : ['telnet localhost'] Now when i enter "telnet localhost" the following occurs: lshelltestacc:~$ telnet localhost *** forbidden command: telnet

This occurs because the command "telnet" is blocked. Is there a way to only allow "telnet localhost"?

xiapoy commented 7 years ago

I am running the same issue with the shell command top. I want to restrict it to:

top -u `whoami`

In my config file, I added:

allowed : ['top -u `whoami`']

But I also got the *** forbidden command output.