|
|
|
|
|
|
|
Man Page for commsh
Name
commsh - Community Shell application for restricting user access in a community environment
Synopsis
commsh [--check [path [checks]] | --check-user command | --version | --help]
Description
commsh is a shell wrapper application for managing restricted multi-user accounts using chroot jail environments, dynamic account generation, and other access restriction methods.
commsh can currently perform the following functions:
- Perform a security check on a chroot jail environment
- chroot to a properly secured environment
- Switch to a new user within the secured environment
- Launch a shell as the new user
commsh reads a configuration file (defined at compile time, often /etc/commsh.conf) before performing any options.
commsh should be setuid root in order to function
correctly. The setuid root bit will be dropped before commsh
terminates or passes control to another application.
Options
--check [path [checks]]
Perform jail checks and output results before terminating. If path or checks is omitted, the values from the configration file will be used. The setuid root bit will be dropped before checks are performed.
--check-user command
If the user is listed as requiring command checking by a
CheckUser directive, check the command against the
DirectAccess directives. Return '0' if the command is
allowed, and '-1' if it is not. If the CheckVerbose directive
is true, 'ALLOW' or 'DENY' will be displayed as appropriate.
--version
Display version information and exit.
--help
Display help information and exit.
Files
/etc/commsh.conf - the commsh configuration file
Bugs
None known.
See Also
commsh.conf (5)
|
|
|
|
|
