Start a Conversation




14 Posts


August 8th, 2023 09:00

Restricted CLI

Any one venture into the Restricted CLI options in 9.5 yet?   We are in need of logging cli activity on the clusters and I thought this would be perfect.

I am starting to toy with it, but having some issues.  From the documentation it only shows local accounts modification when setting the restricted shell.  We do not utilize local accounts but AD authenticated accounts to access the CLI.  When setting up the restricted shell via the following command, it fails.  

isi auth users modify \ --shell=/user/local/restricted_shell/bin.......

Failed to modify user : The authentication request could not be handled.   

I can find where you can change this entire authentication provided shell for all users, but I don't really want to do that, I would rather just change the shell of each of my admins.   

567 Posts

August 28th, 2023 15:48

@tchstnut ,


isi auth status
isi auth users modify <DOMAIN>\\<user> --provider=<provider> --shell=/usr/local/restricted_shell/bin/

philler-2# isi auth status
ID                                        Active Server        Status
lsa-activedirectory-provider:ICSLAB.LOCAL W2012R2.ICSLAB.local online
lsa-local-provider:System                 -                    active
lsa-local-provider:test11                 -                    active
lsa-file-provider:System                  -                    active
lsa-ldap-provider:centos7-ldap-server     -                    offline
Total: 5
philler-2# isi auth users modify ICSLAB\\alvinc --provider=lsa-activedirectory-provider:ICSLAB.LOCAL --shell=/usr/local/restricted_shell/bin/

No Events found!