# lshell
lshell is a limited shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
## Installation
### Install via pip
To install `limited-shell` directly via `pip`, use the following command:
```bash
pip install limited-shell
```
This will install limited-shell from PyPI along with all its dependencies.
To uninstall, you can run:
```bash
pip uninstall limited-shell
```
### Build from source and install locally
If you'd like to build and install limited-shell from the source code (useful if you're making modifications or testing new features), you can follow these steps:
```
python3 -m pip install build --user
python3 -m build
pip install . --break-system-packages
```
### Uninstall lshell
To uninstall, you can run:
```bash
pip uninstall limited-shell
```
## Usage
### Via binary
To launch lshell, just execute lshell specifying the location of your configuration file:
```bash
lshell --config /path/to/configuration/file
```
### Using `lshell` in Scripts
You can use `lshell` directly within a script by specifying the lshell path in the shebang. Ensure your script has a `.lsh` extension to indicate it is for lshell, and make sure to include the shebang `#!/usr/bin/lshell` at the top of your script.
For example:
```bash
#!/usr/bin/lshell
echo "test"
```
## Configuration
### User shell configuration
In order to log a user, you will have to add them to the lshell group:
```bash
usermod -aG lshell username
```
In order to configure a user account to use lshell by default, you must:
```bash
chsh -s /usr/bin/lshell user_name
```
You might need to ensure that lshell is listed in /etc/shells.
### lshell.conf
lshell.conf presents a template configuration file. See etc/lshell.conf or man file for more information.
A [default] profile is available for all users using lshell. Nevertheless, you can create a [username] section or a [grp:groupname] section to customize users' preferences.
Order of priority when loading preferences is the following:
1. User configuration
2. Group configuration
3. Default configuration
The primary goal of lshell, is to be able to create shell accounts with ssh access and restrict their environment to a couple a needed commands and path.
For example User 'foo' and user 'bar' both belong to the 'users' UNIX group:
- User 'foo':
- must be able to access /usr and /var but not /usr/local
- use all commands in their PATH except 'su'
- has a warning counter set to 5
- has their home path set to '/home/users'
- User 'bar':
- must be able to access /etc and /usr but not /usr/local
- is allowed default commands plus 'ping' minus 'ls'
- strictness is set to 1 (meaning he is not allowed to type an unknown command)
In this case, my configuration file will look something like this:
# CONFIGURATION START
[global]
logpath : /var/log/lshell/
loglevel : 2
[default]
allowed : ['ls','pwd']
forbidden : [';', '&', '|']
warning_counter : 2
timer : 0
path : ['/etc', '/usr']
env_path : ':/sbin:/usr/foo'
scp : 1 # or 0
sftp : 1 # or 0
overssh : ['rsync','ls']
aliases : {'ls':'ls --color=auto','ll':'ls -l'}
[grp:users]
warning_counter : 5
overssh : - ['ls']
[foo]
allowed : 'all' - ['su']
path : ['/var', '/usr'] - ['/usr/local']
home_path : '/home/users'
[bar]
allowed : + ['ping'] - ['ls']
path : - ['/usr/local']
strict : 1
scpforce : '/home/bar/uploads/'
# CONFIGURATION END
## More information
More information can be found in the manpage: `man -l man/lshell.1` or `man lshell`.
## Contributions
To contribute, open an issue or send a pull request.
Please use github for all requests: https://github.com/ghantoos/lshell/issues
Raw data
{
"_id": null,
"home_page": "https://github.com/ghantoos/lshell",
"name": "limited-shell",
"maintainer": "Ignace Mouzannar",
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": "ghantoos@ghantoos.org",
"keywords": "limited, shell, security, python",
"author": "Ignace Mouzannar",
"author_email": "ghantoos@ghantoos.org",
"download_url": "https://files.pythonhosted.org/packages/3e/e4/ec9ea7152eefebc646e3877e89410deacfd0d51f6e980006ada63b0277cf/limited_shell-0.10.2.tar.gz",
"platform": "UNIX",
"description": "# lshell\n\nlshell is a limited shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.\n\n\n## Installation\n\n### Install via pip\n\nTo install `limited-shell` directly via `pip`, use the following command:\n\n```bash\npip install limited-shell\n```\n\nThis will install limited-shell from PyPI along with all its dependencies.\n\nTo uninstall, you can run:\n\n```bash\npip uninstall limited-shell\n```\n\n### Build from source and install locally\n\nIf you'd like to build and install limited-shell from the source code (useful if you're making modifications or testing new features), you can follow these steps:\n\n```\npython3 -m pip install build --user\npython3 -m build\npip install . --break-system-packages\n```\n\n### Uninstall lshell\n\nTo uninstall, you can run:\n\n```bash\npip uninstall limited-shell\n```\n\n## Usage\n### Via binary\nTo launch lshell, just execute lshell specifying the location of your configuration file:\n\n```bash\nlshell --config /path/to/configuration/file\n```\n\n### Using `lshell` in Scripts\n\nYou can use `lshell` directly within a script by specifying the lshell path in the shebang. Ensure your script has a `.lsh` extension to indicate it is for lshell, and make sure to include the shebang `#!/usr/bin/lshell` at the top of your script.\n\nFor example:\n\n```bash\n#!/usr/bin/lshell\necho \"test\"\n```\n\n\n## Configuration\n### User shell configuration\nIn order to log a user, you will have to add them to the lshell group:\n\n```bash\nusermod -aG lshell username\n```\n\nIn order to configure a user account to use lshell by default, you must: \n\n```bash\nchsh -s /usr/bin/lshell user_name\n```\n\nYou might need to ensure that lshell is listed in /etc/shells.\n\n### lshell.conf\n\nlshell.conf presents a template configuration file. See etc/lshell.conf or man file for more information.\n\nA [default] profile is available for all users using lshell. Nevertheless, you can create a [username] section or a [grp:groupname] section to customize users' preferences.\n\nOrder of priority when loading preferences is the following:\n\n1. User configuration\n2. Group configuration\n3. Default configuration\n\nThe primary goal of lshell, is to be able to create shell accounts with ssh access and restrict their environment to a couple a needed commands and path.\n \nFor example User 'foo' and user 'bar' both belong to the 'users' UNIX group:\n\n- User 'foo': \n - must be able to access /usr and /var but not /usr/local\n - use all commands in their PATH except 'su'\n - has a warning counter set to 5\n - has their home path set to '/home/users'\n\n- User 'bar':\n - must be able to access /etc and /usr but not /usr/local\n - is allowed default commands plus 'ping' minus 'ls'\n - strictness is set to 1 (meaning he is not allowed to type an unknown command)\n\nIn this case, my configuration file will look something like this:\n\n # CONFIGURATION START\n [global]\n logpath : /var/log/lshell/\n loglevel : 2\n\n [default]\n allowed : ['ls','pwd']\n forbidden : [';', '&', '|'] \n warning_counter : 2\n timer : 0\n path : ['/etc', '/usr']\n env_path : ':/sbin:/usr/foo'\n scp : 1 # or 0\n sftp : 1 # or 0\n overssh : ['rsync','ls']\n aliases : {'ls':'ls --color=auto','ll':'ls -l'}\n\n [grp:users]\n warning_counter : 5\n overssh : - ['ls']\n\n [foo]\n allowed : 'all' - ['su']\n path : ['/var', '/usr'] - ['/usr/local']\n home_path : '/home/users'\n\n [bar]\n allowed : + ['ping'] - ['ls'] \n path : - ['/usr/local']\n strict : 1\n scpforce : '/home/bar/uploads/'\n # CONFIGURATION END\n\n## More information\n\nMore information can be found in the manpage: `man -l man/lshell.1` or `man lshell`.\n\n\n## Contributions\n\nTo contribute, open an issue or send a pull request.\n\nPlease use github for all requests: https://github.com/ghantoos/lshell/issues\n",
"bugtrack_url": null,
"license": "GPL-3",
"summary": "lshell - Limited Shell",
"version": "0.10.2",
"project_urls": {
"Changelog": "https://github.com/ghantoos/lshell/blob/master/CHANGELOG.md",
"GitHub": "https://github.com/ghantoos/lshell",
"Homepage": "https://github.com/ghantoos/lshell"
},
"split_keywords": [
"limited",
" shell",
" security",
" python"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8da5ad7b34c0297631b626f32e01b7a99a057a01ecdf84546129f7966e94a912",
"md5": "f1c8427ebeba8f875b67c3a4de7c73fa",
"sha256": "cb6c791a328b1e647e9a2ae37dda52154a6dfe7d12bd53da1e3f3bffa859d929"
},
"downloads": -1,
"filename": "limited_shell-0.10.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f1c8427ebeba8f875b67c3a4de7c73fa",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 65423,
"upload_time": "2024-10-25T05:18:23",
"upload_time_iso_8601": "2024-10-25T05:18:23.433013Z",
"url": "https://files.pythonhosted.org/packages/8d/a5/ad7b34c0297631b626f32e01b7a99a057a01ecdf84546129f7966e94a912/limited_shell-0.10.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "3ee4ec9ea7152eefebc646e3877e89410deacfd0d51f6e980006ada63b0277cf",
"md5": "6f413432693c5f0b5cdeb23d8acced6e",
"sha256": "773b6e0416287c309ad24195a30237cfdc01f9db4f9832c7218afb84d353943c"
},
"downloads": -1,
"filename": "limited_shell-0.10.2.tar.gz",
"has_sig": false,
"md5_digest": "6f413432693c5f0b5cdeb23d8acced6e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 53673,
"upload_time": "2024-10-25T05:18:24",
"upload_time_iso_8601": "2024-10-25T05:18:24.828946Z",
"url": "https://files.pythonhosted.org/packages/3e/e4/ec9ea7152eefebc646e3877e89410deacfd0d51f6e980006ada63b0277cf/limited_shell-0.10.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-25 05:18:24",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ghantoos",
"github_project": "lshell",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "configparser",
"specs": []
},
{
"name": "logging",
"specs": []
},
{
"name": "readline",
"specs": []
},
{
"name": "pexpect",
"specs": []
}
],
"lcname": "limited-shell"
}