OpenWrt Forum Archive

Topic: how to restrict shell just to one command for an openwrt user?

The content of this topic has been archived on 24 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi, I have created an unprivileged user for SSH tunneling (to encrypt VNC) using PuTTY. It works fine, but even an unprivileged user can read many config files and execute all kinds of stuff from the shell, which is what I'd like to restrict. Is it possible (and how?) to restrict some user to run only one command, just to be able to establish SSH tunnels, but not anything else?

The one enabled command would probably be ssh, but I don't know what is executed behind the scenes when a tunnel is established and PuTTY forwards the VNC connection via the SSH tunnel to OpenWrt and then the VNC server, both running in the remote network.

Thank you.

(Last edited by nozombian on 10 Feb 2018, 21:12)

Just a tip: the last field in "/etc/passwd" is the executable that will be launched each time the user logs in; it can be a shell, a restricted shell, or something else.
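To illustrate the tip above, here is an added example that is not part of the original thread: a POSIX sh audit that reads passwd-format data and lists the accounts whose last field is an interactive shell. The sample data, the account name `tunnel` and the list of shell names are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real system).
# "tunnel" is a hypothetical name for the forwarding-only account.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
tunnel:x:1000:1000:tunnel:/home/tunnel:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false
broken:x:1001:1001:no shell field:/home/broken:'

# Print the login program (7th colon-separated field) for one user.
# An empty field is treated as /bin/sh, the default described in passwd(5).
# $1 = user name; passwd data is read from stdin. Exit status 1 if not found.
login_program() {
    awk -F: -v u="$1" '
        $1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END { if (!found) exit 1 }'
}

# List "user:program" for every account whose login program is an
# interactive shell. The shell names are an assumption; extend the list
# to match the shells installed on the device being audited.
interactive_accounts() {
    awk -F: '
        NF < 7 || $1 ~ /^#/ { next }   # skip malformed and comment lines
        { sh = ($7 == "" ? "/bin/sh" : $7) }
        sh ~ /\/(sh|ash|bash|dash|ksh|zsh)$/ { print $1 ":" sh }'
}

# Demo on the constructed sample; on a device, feed the real file instead:
#   interactive_accounts < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | interactive_accounts
```

Any account the audit reports can still get a command prompt at login, including one whose shell field was left empty.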

The discussion might have continued from here.