如何让用户通过shell命令和目录限制SSH服务器?
我的情况我使用git将代码部署到我的服务器。我有2个服务器,第一个是产品服务器,第二个是git服务器。
我的团队使用git服务器来推/推代码。 $ b
在我的产品服务器上,我设置了git客户端。每当我想发布一个版本,我把它推到我的git服务器(主或其他分支......),然后我ssh到我的产品服务器拉代码。
我想与我的队友分享代码拉取权限,但不希望允许他们运行任何命令,但 ,并将其限制在一个目录中。
我想限制的目录的所有者是apache:apache,所以如果ssh用户通过apache特权运行,它将会非常好。
谢谢您,
解决:我使用解决方案
一个简单的命令用于禁用在git用户中的shell是用 / usr / bin / git-shell 替换 / usr / bin / bash 。将其替换为/ etc / password文件或使用以下命令:
usermod -s / usr / bin / git-shell [用户名]请从官方Git网站查看此文档:设置服务器。 如果你想在它上面有一个shell但是将它限制在一个目录中,可以使用其他信息: rbash 。与git-shell相同,只需用它替换用户shell即可。
My question ishow can I allow an user to ssh to my server with limitation to a shell command and a directory?
My situationI'm using git to deploy code to my Server. I have 2 servers, 1st one is product server, 2nd one is a git server.
My team use git server to pull/push code.
At my product server, I setup git client. Whenever I want to publish a version, I push it to my git server (master or other branches ...), then I ssh into my product server to pull the code.
I want to share the code pulling privilege with my teammates, but don't want to allow them to run any command but git, and limit them in a directory only.
The owner of directory that I want to limit is apache:apache, so it will be very good if the ssh user run by apache privilege.
Thank you,
Solved: I've used lshell with a limit set of commands.
解决方案A simple command to disable the shell in a git user is to replace the /usr/bin/bash with /usr/bin/git-shell. Replace it in the /etc/password file or using the command:
usermod -s /usr/bin/git-shell [username]Check this document from the official Git website: Setting Up the Server. Additional info if you want to have a shell on it but limiting it to a directory use: rbash. Same as git-shell just replace the user shell with it.
更多推荐
将SSH用户限制为shell命令
发布评论