On Fri, 24 Aug 2001, Mike_Bradz wrote:
is it possible to restrict the user to run only specific commands the least possible.
You want to use a restricted shell. bash is a restricted shell if you rename it to rbash (ya, it's that simple) or call it with the -r flag. An easy way to rename it is to create a symlink to bash called rbash:
% cd /bin % ln -s bash rbash
You set the user's shell as /bin/rbash In the user's .bash_profile file, set his path. Ideally, you want to create a subdirectory called bin in the user's home directory (/home/temp/bin in your case), and put whatever binaries are to be executed in there, including the actual binary of rbash (not the symlink).
You could chroot if you want to, but that isn't necessary if you use rbash, since cd is not allowed. The user can also not change preset environment variables, so set anything that you don't want them to change. Do all this in the .bash_profile file
Philip