All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Possible to limit user's ability to execute predefined list of commands?
Was wondering if it was at all possible to limit a particular user to be able to only issue a predefined list of commands.
For example, I guess the simplest explanation of this would be setting up the user 'monitor' on your server. So when user 'monitor' logs in, the only commands that could be ran would htop, free -m, ps -aux, etc. Basically just basic commands that are used to monitor available resources or see bottlenecks and system health.
I'm asking, only because I think it would be good for staff that may not necessarily 'need' (or you do not want to give or trust with) full root access or the ability to issue commands that can actually change things on the system. Rather, this way they could just log in and view things as needed without the need of having some web based script showing these things.
I know how to give certain users full ROOT privileges, but I have no idea how to give a user just a very small list privileges of doing pretty much nothing other than checking some very basic things.
Comments
File permissions, user/group ownership, and command paths. A combination of those 3 will get you the desired result.
Example : Create a /usr/rbin (restricted binaries), copy only those executables you want to, set the right permissions, groups, and paths.
Remove /usr/bin/ and /usr/sbin from the desired path. Change permissions and ownership of those directories. Now those executable are not accessible by your restricted user.
A caution is that there are plenty of executables in those /usr/bin/ and /usr/sbin directories that your user will need access to to simply to run the shell. So be careful what you do and don't give access to.
You can also consider specifying allowed commands in ~/.ssh/authorized_keys, and/or /etc/sudoers.
lshell is what you're looking for