Shell – “Virtual” shell, i.e. jailing a user inside a process after the (SSH) login

jails process scripting shell

Let's assume I have a casual user who can log in to the system via SSH into a bash shell. I also have a PHP (though the language is irrelevant here) script that acts as a process accepting various commands and other user input and acts according to them (essentially a 'shell-like' script).

Now, what I want to do is to lock the user inside said PHP script, i.e. run it as soon as the user logs in (this part is simple via .bashrc) but at the same time ensure that when the script execution ends, the user is also automatically 'kicked out' of bash and consequently the ssh session, so that he cannot do anything via bash itself and stays limited to what the PHP script offers.

Is that even possible? If yes, how would I go about doing it?

Update: Based on the answers so far – having bash in between my script and the user logging in via SSH is no requirement whatsoever. It just seemed like a necessity to me at first. Anything that forces the user into my script only directly after an SSH login is a welcome answer.

Best Answer

Following the updated information, you should have them do private/public key pairs and inside the .ssh/authorized_keys file set it to only run the script.php file. You shouldn't rely on the .bashrc for protection, especially since that is needed to initialize the environment.
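
The forced-command setup described in the answer above, as an added example that is not part of the original post: one function builds the `authorized_keys` entry and one audits a file for keys that are not pinned to a command. The function names, the script path and the key material used with them are constructed placeholders.

```shell
#!/bin/sh
# Added example: build and audit forced-command entries for authorized_keys.

# Print one authorized_keys line that pins a public key to a single command.
#   $1 = command to run, starting with an absolute path (hypothetical example:
#        "/usr/bin/php /srv/jail/script.php")
#   $2 = the user's public key, as a single line
restricted_key_line() {
    cmd=$1 key=$2
    nl='
'
    case $cmd in
        /*) ;;
        *) echo "command must start with an absolute path" >&2; return 1 ;;
    esac
    case $cmd in
        *\"*) echo "command must not contain double quotes" >&2; return 1 ;;
    esac
    # An embedded newline would smuggle in a second, unrestricted entry.
    case $cmd$key in
        *"$nl"*) echo "command and key must be single lines" >&2; return 1 ;;
    esac
    # restrict = disable forwarding, PTY, X11, agent and ~/.ssh/rc (OpenSSH 7.2+)
    # pty      = re-enable the terminal, since the script is interactive
    # command  = run this instead of whatever the client requests; the
    #            session ends when the command exits
    printf 'restrict,pty,command="%s" %s\n' "$cmd" "$key"
}

# Print every entry of the authorized_keys file $1 that is not locked down;
# exit status 1 if any is found. Conservative: only the layout emitted above
# (restrict first, keyword options, then command="/...") passes.
audit_authorized_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }    # skip comments and blank lines
        !/^restrict,([a-z0-9-]+,)*command="\// {
            printf "line %d: unrestricted key\n", NR; bad = 1
        }
        END { exit bad }
    ' "$1"
}
```

sshd runs the forced command through the account's login shell, so the jail is only as tight as the script itself: it must not offer shell escapes, and the jailed user must not be able to write to the `authorized_keys` file.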