rcsh

Non-interactive command whitelisted shell

This is a work-in-progress little script intended to be used as a shell for Linux user accounts which are allowed to run a limited set of commands over SSH non-interactively and nothing else. The commands which are allowed are based on a whitelist of exact command invocation strings and/or a list of regular expressions which they should match.

• Free software: BSD license
• Documentation: https://rcsh.readthedocs.io. (not much documentation yet, please stand by…)

Features

• Allow execution of commands based on an exact or regular expression whitelist
• Log invocation using syslog’s LOG_AUTH facilities

Credits

This package was inspired by lshell and bdsh:

• https://github.com/ghantoos/lshell
• https://raymii.org/s/software/bdsh.html
• https://github.com/RaymiiOrg/boa-diminish-restricted-shell/

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.