整个配置的命令如下(主要使用了:Linux bash受限的shell(RESTRICTED SHELL))
步骤
#1.创建只读shell(这步可以省略)
ln -s /bin/bash /bin/rbash
#2.创建用户并指定用户启动执行的shell
useradd -s /bin/bash readonly
这步不要指定rbash,否侧cd等內建命令无法使用
#3.修改用户密码
passwd readonly
#4.创建用户shell执行命令目录
mkdir /home/readonly/.bin
#5.root修改用户的shell配置文件
chown root. /home/readonly/.bash_profile chmod 755 /home/readonly/.bash_profile
并设置文件不可删除权限
chattr -i /home/readonly/.bash_profile
#6.将允许执行的命令链接到$HOME/.bin目录
ln -s /usr/bin/wc /home/readonly/.bin/wc
ln -s /usr/bin/tail /home/readonly/.bin/tail
ln -s /bin/more /home/readonly/.bin/more
ln -s /bin/cat /home/readonly/.bin/cat
ln -s /bin/grep /home/readonly/.bin/grep
ln -s /bin/find /home/readonly/.bin/find
ln -s /bin/pwd /home/readonly/.bin/pwd
ln -s /bin/ls /home/readonly/.bin/ls
ln -s /usr/bin/less /home/readonly/.bin/less
ln -s /bin/tar /home/readonly/.bin/tar
#7.修改bash配置文件,主要是指定PATH的读取
vi /home/readonly/.bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs
#PATH=$PATH:$HOME/bin
PATH=$HOME/.bin
export PATH
#切换到只读账号使环境变量生效 su - readonly source /home/readonly/.bash_profile
转自
Linux只读账号配置-天道酬勤-51CTO博客 http://blog.51cto.com/4543647/1951626
Linux内建命令和外部命令(整理) - holybin的专栏 - CSDN博客 https://blog.csdn.net/holybin/article/details/24230747
Linux进阶之 which 命令 - 小桥流水丶 - CSDN博客 https://blog.csdn.net/Ivy___/article/details/77985881