This repository was archived by the owner on Dec 13, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathREADME
More file actions
37 lines (29 loc) · 1.23 KB
/
README
File metadata and controls
37 lines (29 loc) · 1.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
menush.rb
Use in place of a full-featured shell to allow a user access to only
a pre-determined set of commands. Designed for limited access to web
servers, shared systems, or admin/debugging consoles.
Menus are defined in a YAML file containing an array of hashes; each
item in the array will be displayed as an option in the menu, and the
hash should define the 'prompt' and 'path' keys. The 'defaults' key is
optional, and provides a list of command-line arguments to be passed
to the command; the 'allow_args' key establishes whether to prompt the
user for additional arguments before launching the command.
Example menu definition:
---
- path: /usr/bin/uptime
prompt: "Check system uptime"
- path: /bin/cat
prompt: "Display MOTD"
defaults: /etc/motd
- path: /bin/uname
prompt: "Display uname flags"
allow_args: true
- path: /usr/bin/vim
prompt: "Edit a file"
allow_args: true
Once configured, just add menush.rb to the list of valid login shells
in /etc/shells, and then change the user's /etc/passwd entry to use it
in place of bash (or whatever shell they had been using).
See rcoder's blog post for more details:
http://rcoder.net/content/granting-just-enough-power-but-no-more
Depends on the HighLine gem and the Ruby stdlib.