Skip to Content

How do i restrict commands that a user can execute in ssh in ezsh shell ?

Restrict commands in ezsh jump server shell 

1. Enable command guard from Ezeelogin GUI > Settings > General > Security > Command Guard > Enable

     

 

2. Add a command group from Ezeelogin GUI > Command Guard > Command Groups > Add Group

       Click  on the right menu to open  Add command group form.   

    

    

3.  Add command from Ezeelogin GUI > Command Guard > Commands > Add command

    Click    add command form. Enter the name and regular expression for the command you want to add and click 

      

    To test if a string matches the regular expression given for a command, click on the test icon towards the right of the command in the command list.

              

 For example, the following image shows regular expressions to block a user from executing the " kubectl " command with the " delete " option. 


 The following image shows another example of a regular expression to delete files and directories from the command line with '' rm -rf ''.

regular expression

4.     Add the command to Command Group from Ezeelogin GUI > Command Guard > Command group >Actions > Click on Commands icon

    

  

   Refer : https://www.ezeelogin.com/user_manual/CGM.html

 

5. Edit the user, choose the command group and Allow / Disallow commands for the user.

  

     Select the command group from the Drop down windows and select Allow / Disallow to allow or disallow commands in the command group selected

   

   

    Allow will let the user execute only those commands matching the regular expression of commands in the command group

   Disallow will prevent the user from executing any of the commands matching the regular expression of commands in the command group and will let the user execute all other commands.