Set up commands and command groups; you can then allow or disallow a particular command group for a user via user add or user edit.
Displays a list of regular expressions that can be used as an allow-only or a block-only filter against user input in the ezeelogin shell. The filters can be applied to users using the Command guard feature.
- Name The name of the command that is defined.
- Description Summary of what the command does.
- Regular Expression Regular expression against which the user inputs would be matched.
- Edit To edit a command, click on the edit icon towards the right of the command in the command list. In the edit command form that follows, make the necessary modifications and click on the button.
- Test To test if a string matches the regular expression given for a command, click on the test icon towards the right of the command in the command list. In the pop-up test command form, enter your string and click on the button to perform the test.
Click on the button to close the test command pop-up window.
- Delete To delete a command, click on the delete icon towards the right of the command in the command list. Only commands that are not used in any command group may be deleted.
Command guard needs to be enabled in order for this to work.
WARNING: Command guard only filters user input. It does not monitor bash (or any other shell) history, so if a user selects a disallowed command from shell history, it can be executed. There may also be other ways to circumvent the filters you set using certain shell features, such as tab completion. In general, this feature is best used to prevent accidental human errors. You may disable the shell's history and completion features to make it more effective. For strict filtering, enable the virtual shell for the user; note that it is not an interactive shell (interactive programs such as file editors, top, etc. will not work as they do in a regular shell). The “Allow” method for command guard, which permits only commands matching the given regular expressions, is more effective because it disallows anything that does not match (which includes, for example, choosing from bash history).
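The difference between the block-only and allow-only methods described in the warning, as an added example that is not Ezeelogin's own code. The command names, regular expressions and sample inputs are constructed, and search-style matching with Python's `re` module is an assumption; the product's regex engine may behave differently.

```python
import re

# Constructed command definitions (name -> regular expression), not Ezeelogin defaults.
BLOCK_GROUP = {
    "recursive-delete": r"^\s*rm\s+-[a-zA-Z]*r",
    "reboot": r"^\s*reboot\b",
}
ALLOW_GROUP = {
    "list-files": r"^\s*ls(\s+[\w./-]+)*\s*$",
    "service-status": r"^\s*systemctl\s+status\s+[\w.@-]+\s*$",
}

# Constructed user inputs, as they might be typed at the shell prompt.
SAMPLE_INPUTS = [
    "ls -l /var/log",
    "rm -rf /var/www/site",
    "systemctl status nginx",
    "shutdown -h now",  # not anticipated by either group
]

def matching_command(user_input, group):
    """Return the name of the first command whose regex matches, else None."""
    for name, pattern in group.items():
        if re.search(pattern, user_input):
            return name
    return None

def is_permitted(user_input, group, mode):
    """'block' denies only on a match; 'allow' permits only on a match."""
    matched = matching_command(user_input, group) is not None
    if mode == "block":
        return not matched   # default-allow: unlisted input passes
    if mode == "allow":
        return matched       # default-deny: unlisted input is refused
    raise ValueError("mode must be 'allow' or 'block'")

def evaluate(inputs=SAMPLE_INPUTS):
    """Return (input, permitted under block-only, permitted under allow-only)."""
    return [(s, is_permitted(s, BLOCK_GROUP, "block"),
             is_permitted(s, ALLOW_GROUP, "allow")) for s in inputs]

if __name__ == "__main__":
    for text, block_ok, allow_ok in evaluate():
        print(f"{text!r:28} block-only: {block_ok!s:5} allow-only: {allow_ok}")
```

The last sample input shows why the allow-only method is stricter: a command nobody wrote a pattern for passes a block-only filter but is refused by an allow-only filter.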