95 lines
3.4 KiB
Plaintext
95 lines
3.4 KiB
Plaintext
# lshell.py configuration file
|
||
#
|
||
# $Id: lshell.conf,v 1.27 2010-10-18 19:05:17 ghantoos Exp $
|
||
|
||
[global]
|
||
## log directory (default /var/log/lshell/ )
|
||
logpath : /var/log/lshell/
|
||
## set log level to 0, 1, 2, 3 or 4 (0: no logs, 1: least verbose,
|
||
## 4: log all commands)
|
||
loglevel : 2
|
||
## configure log file name (default is %u i.e. username.log)
|
||
#logfilename : %y%m%d-%u
|
||
#logfilename : syslog
|
||
|
||
## in case you are using syslog, you can choose your logname
|
||
#syslogname : myapp
|
||
|
||
[default]
|
||
## a list of the allowed commands or 'all' to allow all commands in user's PATH
|
||
allowed : ['source','vim','awk','cut','grep','cat','env','export', 'read', 'pwd','ls','echo','cd','ll','less','cp','scp','sftp','mv','rm','nova','system','neutron','cinder','glance','ceilometer','heat','keystone','passwd','openstack']
|
||
|
||
## a list of forbidden character or commands -- deny vim, as it allows to escape lshell
|
||
#forbidden : [';', '&', '|','`','>','<', '$(', '${']
|
||
forbidden : [';', '&', '>','<', '$(']
|
||
|
||
## a list of allowed command to use with sudo(8)
|
||
#sudo_commands : ['ls', 'more']
|
||
|
||
## number of warnings when user enters a forbidden value before getting
|
||
## exited from lshell, set to -1 to disable.
|
||
warning_counter : 2
|
||
|
||
## command aliases list (similar to bash’s alias directive)
|
||
aliases : {'ll':'ls -l', 'vim':'rvim'}
|
||
|
||
## introduction text to print (when entering lshell)
|
||
#intro : "== My personal intro ==\nWelcome to lshell\nType '?' or 'help' to get the list of allowed commands"
|
||
|
||
## configure your promt using %u or %h (default: username)
|
||
prompt : "%u@%h"
|
||
|
||
## set sort prompt current directory update (default: 0)
|
||
#prompt_short : 0
|
||
|
||
## a value in seconds for the session timer
|
||
timer : 900
|
||
|
||
## list of path to restrict the user "geographicaly"
|
||
#path : ['/home/bla/','/etc']
|
||
|
||
## set the home folder of your user. If not specified the home_path is set to
|
||
## the $HOME environment variable
|
||
#home_path : '/home/bla/'
|
||
|
||
## update the environment variable $PATH of the user
|
||
#env_path : ':/usr/local/bin:/usr/sbin'
|
||
|
||
## a list of path; all executable files inside these path will be allowed
|
||
#allowed_cmd_path: ['/home/bla/bin','/home/bla/stuff/libexec']
|
||
|
||
## add environment variables
|
||
#env_vars : {'foo':1, 'bar':'helloworld'}
|
||
env_vars : {'OPENRC_TEMPLATE':'/etc/nova/ldap_openrc_template'}
|
||
## allow or forbid the use of scp (set to 1 or 0)
|
||
#scp : 1
|
||
|
||
## forbid scp upload
|
||
#scp_upload : 0
|
||
|
||
## forbid scp download
|
||
#scp_download : 0
|
||
|
||
## allow of forbid the use of sftp (set to 1 or 0)
|
||
#sftp : 1
|
||
|
||
## list of command allowed to execute over ssh (e.g. rsync, rdiff-backup, etc.)
|
||
#overssh : ['ls', 'rsync']
|
||
|
||
## logging strictness. If set to 1, any unknown command is considered as
|
||
## forbidden, and user's warning counter is decreased. If set to 0, command is
|
||
## considered as unknown, and user is only warned (i.e. *** unknown synthax)
|
||
strict : 0
|
||
|
||
## force files sent through scp to a specific directory
|
||
#scpforce : '/home/bla/uploads/'
|
||
|
||
## history file maximum size
|
||
history_size : 100
|
||
|
||
## set history file name (default is /home/%u/.lhistory)
|
||
#history_file : "/home/%u/.lshell_history"
|
||
|
||
## define the script to run at user login
|
||
login_script : "source /usr/local/bin/lshell_env_setup --mute; install -m 0500 /usr/local/bin/lshell_env_setup ~/"
|