
Add restricted user in linux manually.

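The script below creates accounts whose login shell is the restricted shell /bin/rbash and whose PATH holds only symlinks to the following commands. The limit comes from rbash plus a single-directory PATH, and some of the listed programs can themselves start other programs, so treat it as a convenience restriction rather than a hard security boundary.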
ping
ssh
telnet
traceroute
ifconfig
route


Add_Restricted_User.sh


#!/bin/sh
# Add restricted user in linux manually.
# August 13, 2015
# Created by Rodel

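# Create every account named in usernames.txt on every host named in
# serverlist.txt as a restricted-shell user whose ~/bin holds symlinks to
# ping, ssh, telnet, traceroute, ifconfig and route.
#
# Inputs:
#   /opt/scripts/Add_Restricted_User/serverlist.txt  whitespace-separated hosts
#   /opt/scripts/Add_Restricted_User/usernames.txt   whitespace-separated names
#   ./.profile                 restricted profile, read from the current
#                              directory (unchanged from the original script)
#   RESTRICTED_USER_PASSWORD   initial password, taken from the environment so
#                              it is neither stored in this file nor placed on
#                              a command line
# Exit status: 0 when every host/user pair succeeded, 1 otherwise.
set -u
set -f # the list files are word-split on purpose; never glob-expand entries

list_dir=/opt/scripts/Add_Restricted_User
server_list=$list_dir/serverlist.txt
user_list=$list_dir/usernames.txt
profile_src=.profile

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Set up one account. $1 = host, $2 = user name; both are validated by the
# caller before they reach any remote command line.
provision_user() {
  # The remote script arrives on stdin and receives the user name as $1, so
  # nothing from the list files is spliced into shell source text. `set -e`
  # stops at the first failure: if useradd fails (for example because the
  # account already exists) or the home directory is missing, the rm/ln/chmod
  # steps never run from whatever directory the SSH session started in.
  ssh "$1" sh -s -- "$2" <<'REMOTE' || return 1
set -eu
user=$1
home=/home/$user
# -m creates the home directory instead of relying on the target's defaults.
# Assumes /bin/rbash exists on the target; nothing in this script creates it.
useradd -m -s /bin/rbash "$user"
cd "$home"
rm -rf .bash_logout .bash_profile .bashrc .profile .bash_login .emacs .mozilla
mkdir "$home/bin"
cd "$home/bin"
ln -s /bin/ping ping
ln -s /usr/bin/ssh ssh
ln -s /usr/bin/telnet telnet
ln -s /bin/traceroute traceroute
ln -s /sbin/ifconfig ifconfig
ln -s /sbin/route route
# NOTE(review): 2070 leaves the home directory writable through the user's
# group, and write access to a directory is enough to rename or remove the
# root-owned .profile inside it. Tighten this if nothing needs to be written
# to the home directory.
chmod -R 2070 "$home"
chown root:"$user" "$home"
chown -Rf root:root "$home/bin"
chmod -Rf 755 "$home/bin"
# NOTE(review): chmod follows the symlink, so this sets the setuid bit on the
# system /bin/ping itself. Drop the line on targets where unprivileged ping
# already works.
chmod u+s "$home/bin/ping"
REMOTE

  rsync -azP -- "$profile_src" "root@$1:/home/$2" || return 1
  ssh "$1" "chown root:$2 /home/$2/.profile && chmod 750 /home/$2/.profile" ||
    return 1

  # Set the password last and over stdin: the account cannot be used until its
  # restrictions are in place, and the secret never shows up in a process list.
  printf '%s:%s\n' "$2" "$RESTRICTED_USER_PASSWORD" | ssh "$1" chpasswd
}

: "${RESTRICTED_USER_PASSWORD:?set RESTRICTED_USER_PASSWORD to the initial password}"
[ -f "$profile_src" ] || die "no $profile_src in the current directory"
servers=$(cat "$server_list") || die "cannot read $server_list"
users=$(cat "$user_list") || die "cannot read $user_list"

status=0
for host in $servers; do
  # A leading '-' would be parsed by ssh as an option; anything outside this
  # character set is not a plain host name or address.
  case $host in
    '' | -* | *[!A-Za-z0-9._-]*)
      printf 'skipping invalid host entry: %s\n' "$host" >&2
      status=1
      continue
      ;;
  esac
  for user in $users; do
    # Only conventional account names are accepted; these run as part of root
    # commands on the target.
    case $user in
      '' | [!a-z_]* | *[!a-z0-9_-]*)
        printf 'skipping invalid user name: %s\n' "$user" >&2
        status=1
        continue
        ;;
    esac
    printf '%s %s\n' "$host" "$user"
    if ! provision_user "$host" "$user"; then
      printf 'failed: %s on %s\n' "$user" "$host" >&2
      status=1
    fi
  done
done
exit "$status"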

.profile environment settings (this is the file the script above copies into each restricted user's home directory):
# Profile for the restricted accounts.

# Command lookup is limited to the per-user bin directory.
PATH=$HOME/bin
PS1="[\u@\h \W]$ "

# History: timestamp every entry, and at each prompt read new lines from the
# history file (-n) and append this session's new lines to it (-a).
HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S - '
PROMPT_COMMAND='history -n;history -a'
HISTSIZE=10000
export PATH PS1 HISTTIMEFORMAT PROMPT_COMMAND HISTSIZE

# netinfo prints interface and routing information. The second definition
# turns the word `alias` into an empty alias; both are defined in a single
# command so the empty alias cannot affect the netinfo definition.
# NOTE(review): the empty alias is a convenience, not an enforcement mechanism.
alias netinfo='echo -e "Ifconfig\n"; ifconfig -a; echo -e "Route\n"; route -n' alias=""

# Lock the history-related variables and HOME against reassignment.
# HISTTIMEFORMAT and PS1 are not in this list.
readonly PROMPT_COMMAND HISTSIZE HISTFILE HOME HISTIGNORE HISTCONTROL

# Login banner listing what the account can run.
echo -e "\nAvailable Commands:\nping\nssh\ntelnet\ntraceroute\nnetinfo - print network info\n\n"