search

ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
GNU General Public License v3.0
436 stars 112 forks source link

Login_script support #30

Closed debackel closed 11 years ago

debackel commented 11 years ago

This patch provides the ability to define a script which will be executed just after login into lshell.

ghantoos commented 11 years ago

Hi Laurent,

Thank you for taking the time to write this patch.

I have applied your diff locally and tested it. The issue I am encountering is that I am to add the "myscript.sh" to my user's allowed commands in order for it to be executed. Otherwise, I get a:

*** unknown command: /home/ghantoos/src/lshell/myscript.sh

In order to remove this dependency, I have added the following before the while loop

if self.conf['login_script']:
    os.system(self.conf['login_script'])

I will pull your request than apply my changes.

If you have any suggestion, don't hesitate. :)

Thanks again.

ghantoos commented 11 years ago

Here is the correction I have committed after pulling your code.

https://github.com/ghantoos/lshell/commit/4039b67d8209f70ce90e7d8266ef35fdd1f3f91d

Cheers, Ignace M

debackel commented 11 years ago

Hi,

Thank YOU for this great piece of software and for taking my patch into account.

I agree with your view that the login script should be n the allowed commands.

I was hoping to have afind a way to exit the session when

2013/1/2 Ignace Mouzannar notifications@github.com

Hi Laurent,

Thank you for taking the time to write this patch.

I have applied your diff locally and tested it. The issue I am encountering is that I am to add the "myscript.sh" to my user's allowed commands in order for it to be executed. Otherwise, I get a:

*\ unknown command: /home/ghantoos/src/lshell/myscript.sh

In order to remove this dependency, I have added the following before the while loop

if self.conf['login_script']: os.system(self.conf['login_script'])

I will pull your request than apply my changes.

If you have any suggestion, don't hesitate. :)

Thanks again.

— Reply to this email directly or view it on GitHubhttps://github.com/ghantoos/lshell/pull/30#issuecomment-11826926.

debackel commented 11 years ago

=> Sorry, wrong key pressed the first time <=

Hi

Thank YOU for this great piece of software and for taking my patch into account. I agree with your view that the login script should be in the allowed commands. I was also hoping to have a find a way to exit the session when the script ends. The purpose is to only open the session for the purpose of letting specific people to use a specific script. And nothing more...

Our case is to allow customer care operators to have access to a provisioning script installed on a Linux server, but to that script only.

If you have a suggestion, I'd be interested.

Thanks again for your help.

Best regards,

Laurent.

2013/1/4 laurent debacker laurent.debacker@gmail.com

Hi,

Thank YOU for this great piece of software and for taking my patch into account.

I agree with your view that the login script should be n the allowed commands.

I was hoping to have afind a way to exit the session when

2013/1/2 Ignace Mouzannar notifications@github.com

Hi Laurent,

Thank you for taking the time to write this patch.

I have applied your diff locally and tested it. The issue I am encountering is that I am to add the "myscript.sh" to my user's allowed commands in order for it to be executed. Otherwise, I get a:

*\ unknown command: /home/ghantoos/src/lshell/myscript.sh

In order to remove this dependency, I have added the following before the while loop

if self.conf['login_script']: os.system(self.conf['login_script'])

I will pull your request than apply my changes.

If you have any suggestion, don't hesitate. :)

Thanks again.

— Reply to this email directly or view it on GitHubhttps://github.com/ghantoos/lshell/pull/30#issuecomment-11826926.

ghantoos commented 11 years ago

Are you looking for the script to run at login, then exit the SSH session?

debackel commented 11 years ago

Yes indeed.

2013/1/4 Ignace Mouzannar notifications@github.com

Are you looking for the script to run at login, then exit the SSH session?

— Reply to this email directly or view it on GitHubhttps://github.com/ghantoos/lshell/pull/30#issuecomment-11885591.

ghantoos commented 11 years ago

One technique is to set the "timer" variable to "1", this way the session is closed after one second.

Otherwise, you can configure that via the .ssh/authorized_keys file, this would not require lshell, e.g:

command="yourscript.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss .....
debackel commented 11 years ago

Hi Ignace,

The timer to 1 does the job.

Great! Thank you!

And again, thanks for this great piece of software!

Laurent.

2013/1/4 Ignace Mouzannar notifications@github.com

One technique is to set the "timer" variable to "1", this way the session is closed after one second.

Otherwise, you can configure that via the .ssh/authorized_keys file, this would not require lshell, e.g:

command="yourscript.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss .....

— Reply to this email directly or view it on GitHubhttps://github.com/ghantoos/lshell/pull/30#issuecomment-11890599.

ghantoos commented 11 years ago

Excellent! :)