# Dokku host
dokku plugin:install https://github.com/dokku-community/dokku-acl.git acl
dokku ssh-keys:add guest guest-key.pub
dokku ssh-keys:list
mkdir ~ dokku/.dokkurc
echo " export DOKKU_ACL_ALLOW_COMMAND_LINE=1" >> ~ dokku/.dokkurc/acl
echo " export DOKKU_SUPER_USER=<username>" >> ~ dokku/.dokkurc/acl # Determine admin username from output of `dokku ssh-keys:list`
echo " DOKKU_ACL_USER_COMMANDS='help version'" >> ~ dokku/.dokkurc/acl
dokku apps:create my-app
dokku domains:add my-app my-app.com
dokku acl:add my-app guest
Create guest user with restricted SSH access (optional)
# Create guest account with SSH access
useradd -d /home/guest guest
cat guest-key.pub >> /home/guest/.ssh/authorized_keys
mkdir -p /home/guest/{bin,lib,etc,home/guest}
chown 755 /home/guest
chown root:root /home/guest
chown -R guest:guest /home/guest/home/guest
chmod 700 /home/guest/.ssh
chmod 644 /home/guest/.ssh/authorized_keys
chmod -R 0700 /home/guest/home/guest
# ldd /bin/bash
cp -v /lib/x86_64-linux-gnu/{libselinux.so.1,libc.so.6,libpcre.so.3,libdl.so.2,libpthread.so.0} /home/guest/lib/
# ldd /bin/ls
cp -v /lib/x86_64-linux-gnu/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/guest/lib/
# Copy allowed binaries to guest user /bin directory
# Find binary using the 'whereis' command, like so:
# whereis git-receive-pack
# cp -v /usr/bin/git-receive-pack /home/guest/bin/
cp -vf /etc/{passwd,group} /home/guest/etc/
cp -v /bin/bash /home/guest/bin/
cp -v /bin/ls /home/guest/bin/
cp -v /bin/pwd /home/guest/bin/
cp -v /bin/whoami /home/guest/bin/
cp -v /usr/bin/git-receive-pack /home/guest/bin/
sudo chmod -R 755 /home/guest/bin
# Set up SSH access
nano /etc/ssh/sshd_config
# Copy-paste without '#':
# Match user guest
# ChrootDirectory /home/guest
# PubkeyAuthentication yes
# AuthorizedKeysFile /home/guest/.ssh/authorized_keys
sshd -t
sudo service ssh restart