5.19. Running root Commands via SSH
Problem
You want to grant root privileges to another user, but permit only certain commands to be run.
Solution
Share your root privileges via SSH [Recipe 5.18] and add forced commands to ~root/.ssh/authorized_keys.
Discussion
Using SSH forced commands, you can limit which programs a user may run as root. For example, this key entry:
~root/.ssh/authorized_keys:
command="/sbin/dump -0 /local/data" ssh-dss key...
permits only the command /sbin/dump -0 /local/data to be run, on successful authentication.
Each key is limited to one forced command, but if you make the command a shell script, you can restrict users to a specific set of programs after authentication. Suppose you write a script /usr/local/bin/ssh-switch:
#!/bin/sh
case "$1" in
    backups)
        # Perform level zero backups
        /sbin/dump -0 /local/data
        ;;
    messages)
        # View log messages
        /bin/cat /var/log/messages
        ;;
    settime)
        # Set the system time via ntp
        /usr/sbin/ntpdate timeserver.example.com
        ;;
    *)
        # Refuse anything else
        echo 'Permission denied' 1>&2
        exit 1
        ;;
esac
and make it a forced command:
~root/.ssh/authorized_keys:
command="/usr/local/bin/ssh-switch $SSH_ORIGINAL_COMMAND" ssh-dss key...
Then users can run selected commands as:
$ ssh -l root localhost backups            Runs dump
$ ssh -l root localhost settime            Runs ntpdate
$ ssh -l root localhost cat /etc/passwd    Not authorized: Permission denied
Take care that your forced commands use full paths and have no shell escapes, and do not let the user modify authorized_keys ...
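A hardened variant of the ssh-switch dispatcher, as an added example that is not from the original recipe: it reads the request from the SSH_ORIGINAL_COMMAND environment variable that sshd sets, rather than having it interpolated into the forced-command string, and accepts only an exact keyword. The function names resolve_request and main, the logger calls and the extra key options are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the recipe): ssh-switch reading the request from the
# environment. Assumed install path: /usr/local/bin/ssh-switch.
# Key entry, with nothing from the client placed in the command string:
#   command="/usr/local/bin/ssh-switch",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss key...

# Fixed PATH so nothing inherited from the session affects lookups.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH

# resolve_request REQUEST (hypothetical helper): print the single fixed,
# full-path command line permitted for REQUEST. The whole request must equal
# one keyword, so "backups" with anything appended is refused.
resolve_request() {
    case "$1" in
        backups)  echo '/sbin/dump -0 /local/data' ;;
        messages) echo '/bin/cat /var/log/messages' ;;
        settime)  echo '/usr/sbin/ntpdate timeserver.example.com' ;;
        *)        return 1 ;;
    esac
}

main() {
    request=${SSH_ORIGINAL_COMMAND:-}
    if cmd=$(resolve_request "$request"); then
        logger -t ssh-switch -p auth.notice "allowed: $request"
        # $cmd is one of the constant strings above; splitting it is safe.
        exec $cmd
    fi
    logger -t ssh-switch -p auth.warning "refused: $request"
    echo 'Permission denied' 1>&2
    exit 1
}

# Dispatch only when run under the installed name.
case "$0" in
    */ssh-switch) main ;;
esac
```

With this entry a login that supplies no command at all is also refused, because an empty request matches no keyword.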