[[email protected] ~]# cat /etc/lshell.conf
# lshell.py configuration file
#
# $Id: lshell.conf,v 1.27 2010/10/18 19:05:17 ghantoos Exp $
[global]
## log directory (default /var/log/lshell/ )
logpath : /var/log/lshell/
## set log level to 0, 1, 2, 3 or 4 (0: no logs, 1: least verbose,
## 4: log all commands)
loglevel : 2
## configure log file name (default is %u i.e. username.log)
#logfilename : %y%m%d-%u
#logfilename : syslog
## in case you are using syslog, you can choose your logname
#syslogname : myapp
[default]
## a list of the allowed commands or 'all' to allow all commands in user's PATH
allowed : ['ls','echo','cd','ll']
## a list of forbidden character or commands
#forbidden : [';', '&', '|','`','>','
forbidden : ['>','
## a list of allowed command to use with sudo(8)
#sudo_commands : ['ls', 'more']
## number of warnings when user enters a forbidden value before getting
## exited from lshell, set to -1 to disable.
warning_counter : 2
## command aliases list (similar to bash’s alias directive)
aliases : {'ll':'ls -l', 'vi':'vim'}
## introduction text to print (when entering lshell)
intro : "线上环境请谨慎执行命令n执行help或者?n列出可执行的命令n执行lpathn查看允许访问的路径"
## configure your promt using %u or %h (default: username)
prompt : "%u@%h"
## a value in seconds for the session timer
timer : 0
## list of path to restrict the user "geographicaly"
#path : ['/home/bla/','/etc']
## set the home folder of your user. If not specified the home_path is set to
## the $HOME environment variable
#home_path : '/home/bla/'
## update the environment variable $PATH of the user
env_path : ':/usr/local/bin:/usr/sbin:/bin'
## add environment variables
#env_vars : {'foo':1, 'bar':'helloworld'}
## allow or forbid the use of scp (set to 1 or 0)
#scp : 1
## forbid scp upload
#scp_upload : 0
## forbid scp download
#scp_download : 0
## allow of forbid the use of sftp (set to 1 or 0)
#sftp : 1
## list of command allowed to execute over ssh (e.g. rsync, rdiff-backup, etc.)
overssh : ['ls','sed','cp','mkdir','date','>',';','&&' ]
## logging strictness. If set to 1, any unknown command is considered as
## forbidden, and user's warning counter is decreased. If set to 0, command is
## considered as unknown, and user is only warned (i.e. *** unknown synthax)
#strict : 1
## force files sent through scp to a specific directory
#scpforce : '/home/bla/uploads/'
## history file maximum size
history_size : 9999
## set history file name (default is /home/%u/.lhistory)
#history_file : "/home/%u/.lshell_history"
[rd]
allowed : [ 'ls','cd','ll','ifconfig','less','echo','ip','>','date','grep','cat','awk','|','telnet','ps','ping','netstat','more','jps','free','du','df','top','tail','sed','curl','date','iostat','iotop','pwd','diff','uptime','hostname','nslookup' ]
home_path : '/home/rd' # 用户的家目录
env_path : ':/usr/local/bin:/usr/sbin:/sbin:/bin:/usr/local/sbin:/ust/bin'
path : [ '/home/testdir','/home/rd' ] # 允许用户访问的目录
#forbidden : [';', '&', '|','`','>','