Linux只读账号配置【转】

整个配置的命令如下（主要使用了：Linux bash受限的shell(RESTRICTED SHELL)）

步骤
#1.创建只读shell（这步可以省略）

ln -s /bin/bash  /bin/rbash

#2.创建用户并指定用户启动执行的shell

useradd -s /bin/bash readonly

这步不要指定rbash，否侧cd等內建命令无法使用

#3.修改用户密码

passwd readonly

#4.创建用户shell执行命令目录

mkdir /home/readonly/.bin

#5.root修改用户的shell配置文件

chown root. /home/readonly/.bash_profile
chmod 755 /home/readonly/.bash_profile

#6.修改bash配置文件，主要是指定PATH的读取

vi /home/readonly/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs

#PATH=$PATH:$HOME/bin
PATH=$HOME/.bin

export PATH

#切换到只读账号使环境变量生效
su - readonly
source /home/readonly/.bash_profile 

#7.将允许执行的命令链接到$HOME/.bin目录

ln -s /usr/bin/wc  /home/readonly/.bin/wc
ln -s /usr/bin/tail  /home/readonly/.bin/tail
ln -s /bin/more  /home/readonly/.bin/more
ln -s /bin/cat  /home/readonly/.bin/cat
ln -s /bin/grep  /home/readonly/.bin/grep
ln -s /bin/find  /home/readonly/.bin/find
ln -s /bin/pwd  /home/readonly/.bin/pwd
ln -s /bin/ls  /home/readonly/.bin/ls
ln -s /bin/less /home/readonly/.bin/less
ln -s /bin/tar  /home/readonly/.bin/tar

转自

Linux只读账号配置-天道酬勤-51CTO博客 http://blog.51cto.com/4543647/1951626

Linux内建命令和外部命令（整理） - holybin的专栏 - CSDN博客 https://blog.csdn.net/holybin/article/details/24230747

Linux进阶之 which 命令 - 小桥流水丶 - CSDN博客 https://blog.csdn.net/Ivy___/article/details/77985881