Restricted shell


title: "Restricted shell" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["command-shells"] topic_path: "general/command-shells" source: "https://en.wikipedia.org/wiki/Restricted_shell" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode of operation is found in the original Bourne shell and its later counterpart Bash, and in the KornShell. In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

Invocation

The restricted mode of the Bourne shell, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:

  •  *note that this conflicts with the "read" option in some  variants*
    
  • *note that this may conflict with the [remote shell](remote-shell) command, which is also called  on some systems*
    

The restricted mode of Bash is used when Bash is invoked in one of the following ways:

Similarly KornShell's restricted mode is produced by invoking it thus:

Setting up rbash

For some systems (e.g., CentOS), the invocation through rbash is not enabled by default, and the user obtains an error if it is invoked directly, or a login failure if the /etc/passwd file indicates it as the user's shell.

It suffices to create a link named rbash pointing directly to bash. Though this invokes Bash directly, without any restricted-mode option, Bash does recognize that it was invoked through rbash and it does come up as a restricted shell.

This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using sudo):

::code[lang=console]
root@host:~# cd /bin
root@host:/bin# ln bash rbash
::

Limited operations

The following operations are not permitted in a restricted shell:

  • changing directory
  • specifying absolute pathnames or names containing a slash
  • setting the PATH or SHELL variable
  • redirection of output

Bash adds further restrictions, including:

  • limitations on function definitions
  • limitations on the use of slash-ed filenames in Bash builtins

Restrictions in the restricted KornShell are much the same as those in the restricted Bourne shell.

Weaknesses of a restricted shell

The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in vi being used to escape from the restricted shell:

::code[lang=console]
user@host:~$ vi
::

::code[lang=vim]
:set shell=/bin/sh
:shell
::

Or by simply starting a new unrestricted shell, if it is in the PATH, as demonstrated here:

::code[lang=console]
user@host:$ rbash
user@host:$ cd /
rbash: cd: restricted
user@host:$ bash
user@host:$ cd /
user@host:/$
::
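A check an administrator can run against the two weaknesses described above, as an added example that is not part of the original article: it scans the directories placed on a restricted user's PATH for programs with a shell function and for files that are an unrestricted shell under any name. The function name, the two name lists and the use of a shells file in the /etc/shells format are assumptions of this example.

```shell
# Names under which the shell starts in restricted mode (from the page: rbash).
RESTRICTED_NAMES="rbash"
# Programs with a shell function; the page's example is vi. Extend locally.
ESCAPE_NAMES="vi"

# audit_restricted_path SHELLS_FILE DIR...
#   SHELLS_FILE lists unrestricted shells, one full path per line
#   (the /etc/shells format). Prints one finding per line and returns 1
#   if any directory offers a way out of the restricted shell.
# Usage (hypothetical directory): audit_restricted_path /etc/shells /home/guest/bin
audit_restricted_path() (
    shells_file=$1; shift
    found=0
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            case " $RESTRICTED_NAMES " in
                *" $name "*) continue ;;   # restricted by invocation name
            esac
            case " $ESCAPE_NAMES " in
                *" $name "*) echo "ESCAPE $f"; found=1; continue ;;
            esac
            while read -r s; do
                case $s in ''|'#'*) continue ;; esac
                # -ef is true for the same device and inode, so a hard link
                # or symlink to a shell is caught whatever it is named.
                if [ "$f" -ef "$s" ]; then
                    echo "SHELL $f is $s"; found=1; break
                fi
            done < "$shells_file"
        done
    done
    exit "$found"   # leaves the subshell; becomes the function's status
)
```

A link named rbash is accepted because Bash checks the name it was invoked under, while the same file under any other name is reported.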

List of programs

Beyond the restricted modes of usual shells, specialized restricted shell programs include:

  • [rssh](http://www.pizzashack.org/rssh/) – used with OpenSSH, permitting only certain file copying programs, namely scp, sftp, rsync, cvs, and rdist
  • smrsh, which limits the commands sendmail can invoke (Costales, Bryan; Assmann, Claus; Jansen, George; Shapiro, Gregory Neil (2007). *Sendmail*, 4th ed., Oreilly Series. O'Reilly Media, Inc. p. 379. ISBN 9780596510299. https://books.google.com/books?id=NQblqMiVqvQC, accessed 2012-08-02. Quote: "As an aid in preventing [...] attacks, V8.1 sendmail first offered the smrsh (sendmail restricted shell) program.")

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::
