
From Surf Wiki (app.surf) — the open knowledge base

Restricted shell


The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode of operation is found in the original Bourne shell and its later counterpart Bash, and in the KornShell. In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

Invocation

The restricted mode of the Bourne shell, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:

  •  *note that this conflicts with the "read" option in some  variants*
    
  • *note that this may conflict with the remote shell command, which is also called  on some systems*
    

The restricted mode of Bash is used when Bash is invoked in one of the following ways:

Similarly KornShell's restricted mode is produced by invoking it thus:

Setting up rbash

For some systems (e.g., CentOS), the invocation through rbash is not enabled by default, and the user obtains an error if rbash is invoked directly, or a login failure if the /etc/passwd file indicates rbash as the user's shell.

It suffices to create a link named rbash pointing directly to bash. Though this invokes Bash directly, without any option that requests restricted mode, Bash does recognize that it was invoked through rbash and it does come up as a restricted shell.

This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using sudo):

root@host:~# cd /bin
root@host:/bin# ln bash rbash

Limited operations

The following operations are not permitted in a restricted shell:

  • changing directory
  • specifying absolute pathnames or names containing a slash
  • setting the PATH or SHELL variable
  • redirection of output

Bash adds further restrictions, including:

  • limitations on function definitions
  • limitations on the use of slash-ed filenames in Bash builtins

Restrictions in the restricted KornShell are much the same as those in the restricted Bourne shell.

Weaknesses of a restricted shell

The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in vi being used to escape from the restricted shell:

user@host:~$ vi
:set shell=/bin/sh
:shell

Or by simply starting a new unrestricted shell, if it is in the PATH, as demonstrated here:

user@host:~$ rbash
user@host:~$ cd /
rbash: cd: restricted
user@host:~$ bash
user@host:~$ cd /
user@host:/$
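
An added example, not part of the original article: a defender-side audit of the directories on a restricted account's PATH that flags the two escape routes shown above (vi, or an unrestricted shell, being reachable). The function name, the name lists and the REF_SHELLS locations are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a restricted account's PATH for programs that undo rbash.

# Program names the article shows leaving the restricted shell.
ESCAPE_NAMES="sh bash ksh vi"
# Names under which Bash/KornShell start restricted, so they may stay on PATH.
RESTRICTED_NAMES="rbash rksh"
# Assumed locations of the real shell binaries; override for your system.
REF_SHELLS="${REF_SHELLS:-/bin/sh /bin/bash /bin/ksh}"

# audit_restricted_path "dir1:dir2"
# Prints one "reason<TAB>path" line per executable that defeats the restriction.
audit_restricted_path() {
    old_ifs=$IFS
    IFS=:
    set -f            # no globbing while splitting the PATH string
    set -- $1
    set +f
    IFS=$old_ifs
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            case " $RESTRICTED_NAMES " in
                *" $name "*) continue ;;
            esac
            case " $ESCAPE_NAMES " in
                *" $name "*) printf 'escape-capable\t%s\n' "$f"; continue ;;
            esac
            # A hard link or symlink to a shell under another name is still
            # an unrestricted shell: compare device and inode with -ef.
            for ref in $REF_SHELLS; do
                if [ -e "$ref" ] && [ "$f" -ef "$ref" ]; then
                    printf 'alias-of-%s\t%s\n' "${ref##*/}" "$f"
                    break
                fi
            done
        done
    done
    return 0
}

# Example: audit_restricted_path "/home/guest/bin"   (hypothetical directory)
```

An empty result only rules out the two routes the article demonstrates; it does not show that the environment cannot be escaped.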

List of programs

Beyond the restricted modes of usual shells, specialized restricted shell programs include:

  • [rssh](http://www.pizzashack.org/rssh/) – used with OpenSSH, permitting only certain file copying programs, namely scp, sftp, rsync, cvs, and rdist
  • smrsh, which limits the commands sendmail can invoke


This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.
