Configuration

ghantoos edited this page Oct 8, 2014 · 2 revisions

lshell needs a configuration file to start. By default, you can find lshell.conf in:

OS Path
LINUX /etc/lshell.conf
*BSD /usr/{pkg,local}/etc/lshell.conf

lshell configuration file includes 4 possible sections:

Section Description
[global] lshell system configuration (applies to all users, mandatory)
[default] lshell default user configuration (applies to all users)
[blah] UNIX username "blah" specific configuration (applies only to user ''blah'', more than one [user] section can be added)
[grp:blahgroup] UNIX groupname "blahgroup" specific configuration (applies only to users in the ''blahgroup'' group, more than one [grp:groupname] section can be added)

[global] Section

This section set lshell fonctionnal variables:

  • logpath : config path (default is /var/log/lshell/)
  • loglevel : 0, 1, 2, 3 or 4 (0: no logs -> 4: logs everything)
  • logfilename : set log file name, e.g. %u-%y%m%d (i.e foo-20091009.log)
%u username
%d day [1..31]
%m month [1..12]
%y year [00..99]
%h time [00:00..23:59]

[default], [username] and [grp:groupname] Sections

The 3 type of sections are configured using the same. Order of priority when loading preferences is the following:

| --- | --- | | 1 | User configuration | | 2 | Group configuration | | 3 | Default configuration |

This means that [username] section overrides [grp:groupname] section, which overides the [default] section. (if this is clear..)

Here is the list of the keys used to configure every section:

  • aliases : command aliases list (similar to bash's alias directive)
  • allowed : a list of the allowed commands or 'all' to allow all commands in user's PATH
  • env_path : update the environment variable $PATH of the user
  • forbidden : a list of forbidden character or commands
  • history_file : set the history filename. A wildcard can be used: %u -> username (e.g. '/home/%u/.lhistory')
  • history_size : set the maximum size (in lines) of the history file
  • home_path : set the home folder of your user. If not specified, the home_path is set to the $HOME environment variable. A wildcard can be used: %u -> username (e.g. '/home/%u') This variable will be removed in the next version of lshell, please use your system's tools to set a user's home directory.
  • intro : set the introduction to print at login
  • passwd : password of specific user
  • path : list of path to restrict the user geographically
  • overssh : list of command allowed to execute over ssh (e.g. rsync, rdiff-backup, scp, etc.)
  • scp : allow or forbid the use of scp connection - set to 1 or 0
  • scpforce : force files sent through scp to a specific directory
  • scp_download : set to 0 to forbid scp downloads (default is 1)
  • scp_upload : set to 0 to forbid scp uploads (default is 1)
  • sftp : allow or forbid the use of sftp connection - set to 1 or 0
  • sudo_commands : a list of the allowed commands that can be used with sudo(8)
  • timer : a value in seconds for the session timer
  • strict : logging strictness. If set to 1, any unknown command is considered as forbidden, and user's warning counter is decreased. If set to 0, command is considered as unknown, and user is only warned (i.e. *** unknown synthax)
  • warning_counter : number of warnings when user enters a forbidden value before getting exited from lshell.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.