Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I am facing another issue in a bash script. I am set up with private key/public key authentication on the server for my ID, and it has an empty password.
Now I need to write a bash script where other users can use this private key to execute certain commands on the remote server without providing a password, but I do not want them to misuse it and do not want them to use it for other purposes.
Is this something that can be achieved? I tried everything but had no luck. I hope I can get some help from here.
Hmm... I can't think of any such methods. However, one trick will be to change the shell of the remote user to a very restrictive menu. Write a small C program to do this. But remember that is a very crude trick and not very safe. Below is an example. No guarantee about the security.
You can actually change the shell to a bash script and trap interrupts so that they can't get out of it to the general shell. Also, restrict the key so that it cannot be used to forward stuff. See the man page for how to restrict the key, and also see http://sial.org/howto/openssh/publickey-auth/ for a pretty good howto with key restriction. The O'Reilly book on the Korn shell tells how to do the menu with traps, and much of it is applicable to the bash shell. The intro talks about the history of the shells and the relationships.
The security, of course, is not guaranteed and depends in part on your care in crafting the script.
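One way to apply the key restriction and interrupt trapping suggested above, as an added example that is not part of any post in this thread: a forced-command wrapper bound to the shared key in `authorized_keys`, which runs only allowlisted commands. The script path, the `--serve` argument and the two command names are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example: forced-command wrapper for one shared key.
# Hypothetical install path: /usr/local/bin/restricted-cmd.sh
# authorized_keys entry on the server (one line, key material elided):
#   command="/usr/local/bin/restricted-cmd.sh --serve",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa <PUBLIC-KEY> shared-key

# Map a requested name to the fixed command line it is allowed to run.
# Prints that command line and returns 0; returns 1 for anything else.
resolve_command() {
    case "$1" in
        uptime)     echo "/usr/bin/uptime" ;;
        disk-usage) echo "/bin/df -h" ;;
        *)          return 1 ;;
    esac
}

run_restricted() {
    # Ignore interrupts so a user cannot break out of the wrapper.
    trap '' INT QUIT TSTP
    local requested cmd
    # sshd puts the client's requested command here; empty means a login shell.
    requested="${SSH_ORIGINAL_COMMAND:-}"
    if ! cmd=$(resolve_command "$requested"); then
        logger -t restricted-cmd "denied: $requested" 2>/dev/null || true
        echo "command not permitted" >&2
        return 1
    fi
    # Only the fixed allowlist string is word-split and run;
    # text supplied by the client is never executed.
    $cmd
}

# Act only when invoked as the forced command (--serve is an assumed flag).
if [ "${1:-}" = "--serve" ]; then
    run_restricted
    exit $?
fi
```

With this entry in place, the key holder can request only `uptime` or `disk-usage`; any other string, including an interactive login, is refused and logged.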
You could put the cmds in sudo, which restricts them to only using those cmds. It's not just for root type work, you can use the same technique to switch to any user (su = switch user).
Depends how many users and what cmds. You'll prob want to use CMD & USER aliases if multiple users/cmds are needed.
See the examples in the sudoers file. http://www.gratisoft.us/sudo/man/sudoers.html