# lshell.py configuration file # # $Id: lshell.conf,v 1.27 2010-10-18 19:05:17 ghantoos Exp $ [global] ## log directory (default /var/log/lshell/ ) logpath : /var/log/lshell/ ## set log level to 0, 1, 2, 3 or 4 (0: no logs, 1: least verbose, ## 4: log all commands) loglevel : 2 ## configure log file name (default is %u i.e. username.log) #logfilename : %y%m%d-%u #logfilename : syslog ## in case you are using syslog, you can choose your logname #syslogname : myapp [default] ## a list of the allowed commands or 'all' to allow all commands in user's PATH allowed : ['source','vim','awk','cut','grep','cat','env','export', 'read', 'pwd','ls','echo','cd','ll','less','cp','scp','sftp','mv','rm','nova','system','neutron','cinder','glance','ceilometer','heat','keystone','passwd','openstack'] ## a list of forbidden character or commands -- deny vim, as it allows to escape lshell #forbidden : [';', '&', '|','`','>','<', '$(', '${'] forbidden : [';', '&', '>','<', '$('] ## a list of allowed command to use with sudo(8) #sudo_commands : ['ls', 'more'] ## number of warnings when user enters a forbidden value before getting ## exited from lshell, set to -1 to disable. warning_counter : 2 ## command aliases list (similar to bash’s alias directive) aliases : {'ll':'ls -l', 'vim':'rvim'} ## introduction text to print (when entering lshell) #intro : "== My personal intro ==\nWelcome to lshell\nType '?' or 'help' to get the list of allowed commands" ## configure your promt using %u or %h (default: username) prompt : "%u@%h" ## set sort prompt current directory update (default: 0) #prompt_short : 0 ## a value in seconds for the session timer timer : 900 ## list of path to restrict the user "geographicaly" #path : ['/home/bla/','/etc'] ## set the home folder of your user. If not specified the home_path is set to ## the $HOME environment variable #home_path : '/home/bla/' ## update the environment variable $PATH of the user #env_path : ':/usr/local/bin:/usr/sbin' ## a list of path; all executable files inside these path will be allowed #allowed_cmd_path: ['/home/bla/bin','/home/bla/stuff/libexec'] ## add environment variables #env_vars : {'foo':1, 'bar':'helloworld'} env_vars : {'OPENRC_TEMPLATE':'/etc/nova/ldap_openrc_template'} ## allow or forbid the use of scp (set to 1 or 0) #scp : 1 ## forbid scp upload #scp_upload : 0 ## forbid scp download #scp_download : 0 ## allow of forbid the use of sftp (set to 1 or 0) #sftp : 1 ## list of command allowed to execute over ssh (e.g. rsync, rdiff-backup, etc.) #overssh : ['ls', 'rsync'] ## logging strictness. If set to 1, any unknown command is considered as ## forbidden, and user's warning counter is decreased. If set to 0, command is ## considered as unknown, and user is only warned (i.e. *** unknown synthax) strict : 0 ## force files sent through scp to a specific directory #scpforce : '/home/bla/uploads/' ## history file maximum size history_size : 100 ## set history file name (default is /home/%u/.lhistory) #history_file : "/home/%u/.lshell_history" ## define the script to run at user login login_script : "source /usr/local/bin/lshell_env_setup --mute; install -m 0500 /usr/local/bin/lshell_env_setup ~/"