Configuration
lshell needs a configuration file to start. By default, you can find lshell.conf in:
on Linux : /etc/lshell.conf
on *BSD : /usr/{pkg,local}/etc/lshell.conf
The lshell configuration file includes 4 possible sections:
[global] : lshell system configuration (applies to all users, mandatory)
[default] : lshell default user configuration (applies to all users)
[blah] : UNIX username "blah" specific configuration (applies only to user blah, more than one [user] section can be added)
[grp:blahgroup] : UNIX groupname "blahgroup" specific configuration (applies only to users in the blahgroup group, more than one [grp:groupname] section can be added)
[global] Section
This section sets lshell functional variables:
logpath : log directory path (default is /var/log/lshell/)
loglevel : 0, 1, 2, 3 or 4 (0: no logs -> 4: logs everything)
logfilename : set log file name, e.g. %u-%y%m%d (i.e. foo-20091009.log)
%u -> username
%d -> day [1..31]
%m -> month [1..12]
%y -> year [00..99]
%h -> time [00:00..23:59]
[default], [username] and [grp:groupname] Sections
The 3 types of sections are configured using the same keys. The order of priority when loading preferences is the following:
1. User configuration
2. Group configuration
3. Default configuration
This means that the [username] section overrides the [grp:groupname] section, which overrides the [default] section. (if this is clear...)
Here is the list of the keys used to configure every section:
aliases : command aliases list (similar to bash's alias directive)
allowed : a list of the allowed commands or 'all' to allow all commands in user's PATH
env_path : update the environment variable $PATH of the user
forbidden : a list of forbidden characters or commands
history_file : set the history filename. A wildcard can be used:
%u -> username (e.g. '/home/%u/.lhistory')
history_size : set the maximum size (in lines) of the history file
home_path : set the home folder of your user. If not specified, the home_path is set to the $HOME environment variable. A wildcard can be used:
%u -> username (e.g. '/home/%u')
- This variable will be removed in the next version of lshell, please use your system's tools to set a user's home directory.
intro : set the introduction to print at login
passwd : password of specific user
path : list of paths to restrict the user geographically
overssh : list of commands allowed to execute over ssh (e.g. rsync, rdiff-backup, scp, etc.)
scp : allow or forbid the use of scp connection - set to 1 or 0
scpforce : force files sent through scp to a specific directory
scp_download : set to 0 to forbid scp downloads (default is 1)
scp_upload : set to 0 to forbid scp uploads (default is 1)
sftp : allow or forbid the use of sftp connection - set to 1 or 0
sudo_commands : a list of the allowed commands that can be used with sudo(8)
timer : a value in seconds for the session timer
strict : logging strictness. If set to 1, any unknown command is considered as forbidden, and user's warning counter is decreased. If set to 0, command is considered as unknown, and user is only warned (i.e. *** unknown synthax)
warning_counter : number of warnings a user gets for entering a forbidden value before being exited from lshell.
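
The priority order described above ([username] over [grp:groupname] over [default]), as an added example that is not lshell's own code: a small Python resolver that computes one user's effective settings from a constructed configuration and records which section each value came from, so an over-permissive override is easy to spot. The function names, the sample values, the list value syntax and the handling of several groups (applied in the order given) are assumptions.

```python
import configparser

# Constructed sample configuration (not from a real system). The list value
# syntax is an assumption; the resolver treats every value as an opaque string.
SAMPLE_CONF = """
[global]
logpath : /var/log/lshell/
[default]
allowed : ['ls', 'echo', 'cd']
sftp : 0
scp : 0
warning_counter : 2
history_file : /home/%u/.lhistory
[grp:blahgroup]
scp : 1
[blah]
allowed : 'all'
warning_counter : 5
"""

def effective_settings(conf_text, user, groups):
    """Return {key: (value, source_section)} for one user (hypothetical helper)."""
    if user in ("global", "default") or user.startswith("grp:"):
        raise ValueError("user name collides with a reserved section name")
    parser = configparser.ConfigParser(interpolation=None)  # keep %u literal
    parser.read_string(conf_text)
    if not parser.has_section("global"):
        raise ValueError("[global] section is mandatory")
    # Lowest priority first, so that later sections overwrite earlier ones.
    # Assumption: several groups are applied in the order the caller gives.
    layers = ["default"] + ["grp:" + g for g in groups] + [user]
    resolved = {}
    for section in layers:
        if parser.has_section(section):
            for key, value in parser.items(section):
                resolved[key] = (value, section)
    return resolved

def audit(resolved):
    """List effective values that widen what the restricted user may do."""
    findings = []
    value, source = resolved.get("allowed", ("", ""))
    if value.strip("'\"") == "all":
        findings.append("allowed=all via [%s]" % source)
    for key in ("scp", "sftp"):
        value, source = resolved.get(key, ("", ""))
        if value == "1":
            findings.append("%s=1 via [%s]" % (key, source))
    return findings
```

Calling `audit(effective_settings(SAMPLE_CONF, "blah", ["blahgroup"]))` reports the two overrides that loosen the [default] policy for user blah.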