整個配置的命令如下(主要使用了:Linux bash受限的shell(RESTRICTED SHELL))
步驟
#1.創建只讀shell(這步可以省略)
ln -s /bin/bash /bin/rbash
#2.創建用戶並指定用戶啟動執行的shell
useradd -s /bin/bash readonly
這步不要指定rbash,否側cd等內建命令無法使用
#3.修改用戶密碼
passwd readonly
#4.創建用戶shell執行命令目錄
mkdir /home/readonly/.bin
#5.root修改用戶的shell配置文件
chown root. /home/readonly/.bash_profile chmod 755 /home/readonly/.bash_profile
並設置文件不可刪除權限
chattr -i /home/readonly/.bash_profile
#6.將允許執行的命令鏈接到$HOME/.bin目錄
ln -s /usr/bin/wc /home/readonly/.bin/wc ln -s /usr/bin/tail /home/readonly/.bin/tail ln -s /bin/more /home/readonly/.bin/more ln -s /bin/cat /home/readonly/.bin/cat ln -s /bin/grep /home/readonly/.bin/grep ln -s /bin/find /home/readonly/.bin/find ln -s /bin/pwd /home/readonly/.bin/pwd ln -s /bin/ls /home/readonly/.bin/ls ln -s /usr/bin/less /home/readonly/.bin/less ln -s /bin/tar /home/readonly/.bin/tar
#7.修改bash配置文件,主要是指定PATH的讀取
vi /home/readonly/.bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs
#PATH=$PATH:$HOME/bin
PATH=$HOME/.bin
export PATH
#切換到只讀賬號使環境變量生效 su - readonly source /home/readonly/.bash_profile
轉自
Linux只讀賬號配置-天道酬勤-51CTO博客 http://blog.51cto.com/4543647/1951626
Linux內建命令和外部命令(整理) - holybin的專欄 - CSDN博客 https://blog.csdn.net/holybin/article/details/24230747
Linux進階之 which 命令 - 小橋流水丶 - CSDN博客 https://blog.csdn.net/Ivy___/article/details/77985881