2
2
I would like to set up a group of UNIX users which only has access to one specific Python file via SSH. That is, they should not be able to run any other commands/programs or view any part of the file structure.
I've sort of accomplished this already by running the script on logon and disabling keyboard interrupts, but this is not ideal as uses can still connect via WinSCP and browse the file structure. I have looked into setting up a jail which restricts users to a certain directory, but that seems like overkill for my purposes and would still allow them access to the shell. What is the most efficient/secure solution?
Edit with more details as requested: The script needs to be executed on the server because it frequently connects to and updates/reads a database also residing on the server. Users will be interacting with each other on the server via the script. I do not want to require users to download/install anything other than an SSH client, but I do want to restrict access to all parts of the server other than the script.
Welcome to Super User. If I understand correctly, you want users to be able to execute that script on your host machine. Can you please [edit] your question to clarify what the script is doing, e.g., does it make any permanent changes to the host machine, does it work with any information that should not be accessible to the users, or does it just work on its own? Also, why do you need this and cannot just let the users execute the script on their machine or similar? Right now, your question seems like an XY problem.
– Wrzlprmft – 2017-01-06T09:08:51.500I've updated the question with more information. – Ecliptica – 2017-01-06T09:24:52.870
1
I have not done enough research to answer this question but feeling that limited shell
– Kenneth L – 2017-01-06T09:40:07.263lshell
may be one of your solution. https://linux.die.net/man/1/lshell@KennethL I actually ended up going with your solution. Will update with an answer. – Ecliptica – 2017-01-06T18:50:08.327