How to allow the user to switch when the command guard is enabled
Allow the user to switch when the command guard is enabled
Overview: The following article describes how we can add the regular expression to switch users using the command guard feature. This article presents a simple guide to incorporating regular expressions (regex) for enhanced user-switching capabilities.
This feature is available from Ezeelogin version 7.36.0. Refer to the article to upgrade Ezeelogin to the latest version.
Command guard is an experimental feature (user can bypass command guard by using scripts, up arrow key, tab key, etc).
Let us look at the following example where we will configure a gateway user "tony" to switch to another user "john" .
Step 1: Add the switch user command in the command guard. The following screenshot shows how to add the regular expression for the switch user.
Step 2: Add another regular expression for the user’s password in the regular expression field, then enable the password option to save it with hashing.
Step 3: Create command group called “Switchuser” and assign the cmds “switch user” and ’password of the user’ to the group. Navigate to command guard group -> click on the commands icon and select all commands that need to be added to the group.
Step 4: Edit the user, select the command guard group from the dropdown, and enable "allow" to allow those commands for that user.
Step 5: Login to the ezsh (Ezeelogin shell) as the same user, type in su - username to switch user, and provide the correct password when prompted. Refer to the below example.
Related Articles:
Assign command guard groups for users or user groups
How to restrict commands for gateway users on remote servers?