I have a server where I'd like to grant a user the ability to log in remotely, but restrict the session in two specific ways:
- They can only access a certain set of folders on the computer, and for those folders they only have read access
- Aside from normal shell commands for navigating the filesystem, there is only one command they can execute
For illustration purposes, the folders I want them to access are:
/data/folderA
/data/folderB
/data/folderC
and the binary I want them to be able to execute is:
/usr/local/bin/SomeCommand
Note that the /data directory contains other files and folders that I don't want the user to be able to see at all.
Basically, I want the session to only display folderA, folderB, and folderC at the root of the visible filesystem. If there are a few other visible files or folders related only to setting this up, that's acceptable, but nothing else.
They also need to be able to use SomeCommand normally, but no other executable. Note that SomeCommand requires internet access and has a large dependency tree.
There are two systems where I could set this up: an old mac running macOS 10.13.6 (my preference), or a headless Debian system.
What I've tried so far:
I tried configuring OpenSSH to have a specific user account be locked into a chroot jail. I don't think that's going to work, though, not only because I don't know how to give access to the specific folders in question (especially given that they have sibling files and folders I don't want to be visible, so I can't chroot into their parent directory), but also because that would prevent SomeCommand from being able to find any of its needed libraries, and as I mentioned it has a lot of dependencies.
Any other options?
Is there perhaps a specific specialized shell I can use that can be set up this way, or some way to configure bash to do this?
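As an added example (not part of the question above, and not an answer anyone posted), here is how the Debian option could be laid out with OpenSSH's ChrootDirectory plus read-only bind mounts, which sidesteps the two chroot objections: the three folders are bind-mounted read-only at the jail root so /data itself never appears, and the system library trees are bind-mounted read-only into the jail so a binary with a large dependency tree still resolves its libraries. The user name guest, the jail path /srv/jail and the DRY_RUN switch are assumptions of this example; SomeCommand and the /data/folderA..C paths come from the question. macOS has no bind mounts, so this is Linux-only.

```shell
#!/bin/sh
# Added example: read-only SSH jail for one user on Debian/Linux.
# Assumed (not from the original post): user "guest", jail /srv/jail, DRY_RUN.
# Run with no arguments to print the plan; "apply" as root performs it.
set -eu

JAIL_USER="${JAIL_USER:-guest}"
JAIL="${JAIL:-/srv/jail}"
ALLOWED_BIN="${ALLOWED_BIN:-/usr/local/bin/SomeCommand}"
EXPORT_DIRS="${EXPORT_DIRS:-/data/folderA /data/folderB /data/folderC}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = echo each command instead of executing it

# run: execute a command, or just print it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# sshd_match_block USER JAIL: sshd_config stanza locking one user into the jail.
# sshd requires the chroot directory and every parent to be root-owned and
# not group- or world-writable, otherwise the login is refused.
sshd_match_block() {
    cat <<EOF
Match User $1
    ChrootDirectory $2
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# ro_bind SRC DST: bind-mount SRC at DST, then remount that bind read-only
# (a plain "mount --bind -o ro" does not reliably make the bind read-only).
ro_bind() {
    run mkdir -p "$2"
    run mount --bind "$1" "$2"
    run mount -o remount,bind,ro "$2"
}

# build_jail: populate the jail; nothing from /data appears except the three folders.
build_jail() {
    run mkdir -p "$JAIL/bin" "$JAIL/etc/ssl" "$JAIL/dev"

    # The three folders, read-only, directly under the jail root.
    for d in $EXPORT_DIRS; do
        ro_bind "$d" "$JAIL/$(basename "$d")"
    done

    # Library trees, read-only, so SomeCommand's dependency tree resolves.
    # On merged-/usr systems /lib and /lib64 are symlinks; recreate those instead.
    for lib in /lib /lib64 /usr/lib /usr/lib64; do
        if [ -L "$lib" ]; then
            run ln -sfn "$(readlink "$lib")" "$JAIL$lib"
        elif [ -d "$lib" ]; then
            ro_bind "$lib" "$JAIL$lib"
        fi
    done

    # The only executables placed in the jail: a shell, ls, and SomeCommand.
    for bin in /bin/bash /bin/ls "$ALLOWED_BIN"; do
        run cp "$bin" "$JAIL/bin/"
    done

    # Minimal /dev and name resolution / CA certs for SomeCommand's network use.
    run mknod -m 666 "$JAIL/dev/null" c 1 3
    run mknod -m 666 "$JAIL/dev/tty" c 5 0
    run mknod -m 444 "$JAIL/dev/urandom" c 1 9
    run cp /etc/resolv.conf /etc/hosts "$JAIL/etc/"
    ro_bind /etc/ssl/certs "$JAIL/etc/ssl/certs"
}

case "${1:-plan}" in
    plan)
        sshd_match_block "$JAIL_USER" "$JAIL"
        build_jail ;;
    apply)
        [ "$(id -u)" -eq 0 ] || { echo "apply must run as root" >&2; exit 1; }
        DRY_RUN=0
        build_jail
        echo "Append this to /etc/ssh/sshd_config and reload sshd:" >&2
        sshd_match_block "$JAIL_USER" "$JAIL" ;;
    *)
        echo "usage: $0 [plan|apply]" >&2; exit 2 ;;
esac
```

The user's login shell in the host's /etc/passwd must be /bin/bash, because sshd looks the shell up before entering the chroot and then runs it from inside the jail. With no /etc/passwd copied into the jail the prompt reads "I have no name!" but everything works; add a one-line passwd entry if that matters. Two caveats: the read-only library trees still carry whatever helper programs the distribution keeps under /usr/lib, so this narrows the executable surface sharply but does not formally prove "only one executable", and sshd's ChrootDirectory can only point at a directory, so the three folders have to be presented through mounts like these rather than by chrooting into /data.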