A system administrator needs to harden a Linux server by providing limited, interactive shell access to a new user, 'app_user'. The user must only be able to execute a few specific commands located in '/home/app_user/bin' and must be prevented from changing directories, modifying the PATH variable, or executing commands using absolute or relative paths. Which of the following methods is the most appropriate and effective for creating this restricted environment?
Set the user's login shell to /bin/rbash and configure a limited PATH in the user's ~/.bash_profile.
Set the user's login shell to /sbin/nologin to prevent unauthorized commands.
Place the user in a chroot jail environment limited to their home directory.
Configure /etc/sudoers to only allow app_user to execute specific commands.
The correct approach is to set the user's login shell to /bin/rbash and configure a limited PATH in the user's ~/.bash_profile. rbash (Restricted Bash) is specifically designed for this purpose. It prevents users from changing directories with cd, modifying environment variables like PATH, and executing commands that contain slashes. By setting the user's shell to /bin/rbash and then defining a PATH in ~/.bash_profile that only points to their personal bin directory (/home/app_user/bin), the administrator ensures the user can log in interactively but can only run the specified commands.
Using /sbin/nologin would prevent any interactive login, which contradicts the requirement for the user to execute commands. Placing the user in a chroot jail is a different security mechanism that changes the user's root directory; it is more complex and doesn't inherently restrict shell features like cd or PATH modification in the same way rbash does. Configuring sudo rules restricts privilege escalation but does not restrict the user's interactive shell environment itself; the user could still navigate the filesystem with their standard permissions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is /bin/rbash and how does it restrict a user's actions?
Open an interactive chat with Bash
Why is restricting the PATH variable important in user hardening?
Open an interactive chat with Bash
How does /sbin/nologin differ from /bin/rbash in terms of login control?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access