Creating a read-only user on Linux


If you need to restrict operations such as changing directories, use rbash.

ln -s /bin/bash  /bin/rbash
useradd -s /bin/rbash readuser
passwd readuser

If you do not need that restriction, you can skip creating rbash.

useradd readuser
passwd readuser

Configure the user's bin path

mkdir /home/readuser/.bin
# root owns .bash_profile so readuser cannot change the PATH set in it
chown root:root /home/readuser/.bash_profile
chmod 755 /home/readuser/.bash_profile
vim /home/readuser/.bash_profile

.bash_profile; the key change is replacing the PATH variable

# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$HOME/.bin

export PATH

Link the commands the user is allowed to run into the $HOME/.bin directory

ln -s /bin/ls  /home/readuser/.bin/ls
ln -s /bin/cat  /home/readuser/.bin/cat
ln -s /bin/less  /home/readuser/.bin/less
ln -s /bin/more  /home/readuser/.bin/more
ln -s /bin/tail  /home/readuser/.bin/tail
ln -s /bin/grep /home/readuser/.bin/grep

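# cd is a shell builtin, so this link does not affect directory changes (rbash disables the builtin)
ln -s /bin/cd /home/readuser/.bin/cd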

Done.
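A post-setup check, added here as an example and not part of the original post: it verifies that the files deciding PATH are outside the restricted user's control and that .bin holds only allowlisted links. The function name, its arguments, and the checks on the home directory and .bashrc are assumptions that go beyond the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a restricted home.
# Usage: audit_readonly_home HOME_DIR TRUSTED_OWNER "ALLOWED COMMAND NAMES"
# Prints one FINDING line per problem; returns 0 when clean, 1 otherwise.
audit_readonly_home() {
    home=$1 owner=$2 allowed=$3 bad=0
    flag() { printf 'FINDING: %s\n' "$1"; bad=1; }
    # Prints the path if it is not owned by $owner or is group/other-writable.
    loose() { find "$1" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \); }

    # Whoever can write these paths controls PATH. The home directory is
    # included because its owner can replace files inside it, and .bashrc
    # because the page's .bash_profile sources it.
    for p in "$home" "$home/.bin" "$home/.bash_profile" "$home/.bashrc"; do
        [ -e "$p" ] || continue
        [ -z "$(loose "$p")" ] ||
            flag "$p: not owned by $owner, or group/other-writable"
    done

    # The last PATH assignment in .bash_profile must be the restricted one.
    last=$(grep -E '^[[:space:]]*(export[[:space:]]+)?PATH=' \
        "$home/.bash_profile" 2>/dev/null | tail -n 1)
    [ "$last" = 'PATH=$HOME/.bin' ] ||
        flag ".bash_profile: last PATH assignment is '${last:-missing}'"

    # Every entry in .bin must be allowlisted and must resolve to a real file.
    for entry in "$home/.bin"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case " $allowed " in
            *" $name "*) ;;
            *) flag ".bin/$name: not on the allowlist" ;;
        esac
        [ -e "$entry" ] || flag ".bin/$name: dangling link"
    done
    return "$bad"
}
```

Run it as root, for example `audit_readonly_home /home/readuser root "ls cat less more tail grep cd"`. On the layout above it reports the home directory, which the steps leave owned by readuser.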
