granularity of access and use in lshell

[ximad]

Hello ,

I have a user called naruto , we do ssh naruto@box , naruto have a lshell

In box , i want :

• no shell for user , just command execution , and if something is not defined it's "no"
• in /directory/rep1 , i want naruto can only execute some of the scripts
• in /directory3/rep2 and recursive , i want naruto can execute all scripts in them
• in /directory4/rep3 , i want naruto read and write only

I think that this mix is not easy to put in a lshell.conf , especially

• in /directory3/rep2 and recursive , i want naruto can execute all scripts in them

Some have clue / ideas ? :)

IS

[ghantoos]

no shell for user , just command execution , and if something is not defined it's "no"

You can do this by defining it in the authorized_keys file. I'm not sure this is specific to lshell

in /directory/rep1 , i want naruto can only execute some of the scripts

You will have to list the scripts by hand in the "allowed" variable.

in /directory3/rep2 and recursive , i want naruto can execute all scripts in them

You can add all the directories in the "allowed_cmd_path" variables.

in /directory4/rep3 , i want naruto read and write only

This will have to be done with the regular POSIX rights

Tell me if you need more info.

Cheers, Ignace M