restricted shell


The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is not sufficient on its own to confine entirely untrusted software. A restricted mode of operation is found in the original Bourne shell{{Cite web |url=http://pwet.fr/man/linux/commandes/posix/sh |title=POSIX sh specification |access-date=2010-10-04 |archive-date=2014-12-21 |archive-url=https://web.archive.org/web/20141221210713/http://pwet.fr/man/linux/commandes/posix/sh |url-status=dead }} and its later counterpart Bash,[https://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell GNU Bash manual] and in the KornShell.[http://docs.sun.com/app/docs/doc/816-5165/ksh-1?l=en&n=1&a=view ksh manual], Solaris (SunOS 5.10) manual page, Oracle Inc. In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

Invocation

The restricted mode of the Bourne shell {{mono|sh}}, and of its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:

  • {{kbd|sh -r}} (note that in some {{mono|sh}} variants {{kbd|-r}} is instead taken as the "read" option)
  • {{kbd|rsh}} (note that this name may collide with the remote shell command, which is also called {{mono|rsh}} on some systems)

The restricted mode of Bash is used when Bash is invoked in one of the following ways:

  • {{kbd|rbash}}
  • {{kbd|bash -r}}
  • {{kbd|bash --restricted}}

Similarly KornShell's restricted mode is produced by invoking it thus:

  • {{kbd|rksh}}
  • {{kbd|ksh -r}}

Setting up rbash

On some systems (e.g., CentOS) the {{mono|rbash}} name is not installed by default: the user gets a {{samp|command not found|color=red}} error when invoking it directly, or a login failure if the user's entry in /etc/passwd names {{mono|/bin/rbash}} as the login shell.

It suffices to create a link named {{mono|rbash}} pointing to {{mono|bash}}. Bash decides whether to start in restricted mode from the basename of the name it was invoked under, so a hard link or a symbolic link both work even though neither passes the {{kbd|-r}} or {{kbd|--restricted}} option. If users are to be able to select the shell themselves with {{mono|chsh}}, or if other services consult {{mono|/etc/shells}}, add {{mono|/bin/rbash}} to that file as well.

This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using sudo):

root@host:~# cd /bin
root@host:/bin# ln bash rbash
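A scripted version of the rest of the setup, added here as an example and not taken from the article or from the Bash project: it builds the skeleton of a restricted user's home directory, with a {{mono|bin}} directory of symbolic links as the only entry in {{mono|PATH}}, and then checks what {{mono|PATH}} a restricted bash actually sees. The layout and the function names are this example's own; the check feeds the generated startup file through {{mono|BASH_ENV}} so that it can be tried without creating a user, and the {{mono|chown}} to root that a real deployment needs is left to the caller because it requires root.

```shell
#!/bin/sh
# Added example: build the home directory of a restricted (rbash) user.
# Layout is this example's own choice:
#   $HOME/bin/           symlinks to the only commands the user may run
#   $HOME/.bash_profile  sets PATH to that directory; bash reads it before
#                        restricted mode is enforced, so the assignment works
#
# Usage: make_restricted_home HOME_DIR COMMAND...

make_restricted_home() {
    home=$1; shift
    mkdir -p "$home/bin" || return 1
    for cmd in "$@"; do
        target=$(command -v "$cmd") || { echo "not found: $cmd" >&2; return 1; }
        ln -sf "$target" "$home/bin/$cmd" || return 1
    done
    # After the startup files have run, PATH becomes read-only for the user,
    # so this is the one place it can be set.
    cat > "$home/.bash_profile" <<EOF
PATH=$home/bin
export PATH
EOF
    # The startup files must not be writable by the restricted user, or the
    # user simply edits them to widen PATH. The same goes for .bash_login,
    # .profile and .bashrc in this home, since bash reads the first one it
    # finds. chown root:root needs root and is left to the caller.
    chmod 644 "$home/.bash_profile"
}

# Print the PATH a restricted bash sees after reading the generated startup
# file. BASH_ENV is used as the startup file here so that no login session
# (and no real user account) is needed to check the result.
restricted_path() {
    BASH_ENV="$1/.bash_profile" bash -r -c 'printf %s "$PATH"'
}

# Demo when RESTRICTED_DEMO is set to a directory, e.g.
#   RESTRICTED_DEMO=/tmp/alice sh thisfile.sh
if [ -n "${RESTRICTED_DEMO:-}" ]; then
    make_restricted_home "$RESTRICTED_DEMO" ls cat
    restricted_path "$RESTRICTED_DEMO"; echo
fi
```

For a real account the sequence is, as root: {{kbd|useradd -m -s /bin/rbash alice}}, then {{kbd|make_restricted_home /home/alice ls cat}}, then {{kbd|chown root:root /home/alice/.bash_profile}}. Every command placed in the {{mono|bin}} directory is a decision: the restricted shell blocks only what it parses itself, so a linked program that can start other programs undoes the whole arrangement (see the weaknesses below).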

Limited operations

The following operations are not permitted in a restricted shell:

  • changing the current directory with {{mono|cd}}
  • specifying a command name containing a slash (an absolute or relative path); a slash in an argument is still allowed
  • setting or unsetting the {{mono|PATH}} or {{mono|SHELL}} variable
  • redirecting output

Bash adds further restrictions, including:

  • importing function definitions from the environment at startup, and parsing {{mono|SHELLOPTS}} from the environment
  • specifying a filename containing a slash as an argument to the {{mono|.}} (source), {{mono|history}} or {{mono|hash -p}} builtins
  • using {{mono|exec}} to replace the shell, and adding, removing or re-enabling builtins with {{mono|enable}}
  • turning restricted mode off again with {{mono|set +r}} or {{mono|shopt -u restricted_shell}}

Bash enforces these restrictions only after the startup files have been read, so a startup file can still set {{mono|PATH}} to the directory of permitted commands; that file must therefore not be writable by the restricted user.

Restrictions in the restricted KornShell are much the same as those in the restricted Bourne shell.[http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.baseadmn/doc/baseadmndita/korn_shell_restricted.htm ksh(1) manual page], IBM AIX documentation set
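The list can be verified directly, since restricted mode also applies to commands passed with {{kbd|-c}}. The following added example (its helpers are the example's own, not from the article or from the Bash manual) runs each operation under {{kbd|bash -r}} and reports whether it was refused; it also shows the distinction the list above is easy to misread, that a slash is forbidden in the command name but not in an argument. It assumes a bash built with restricted-shell support and {{mono|cat}} reachable through the inherited {{mono|PATH}}.

```shell
#!/bin/sh
# Added example: probe which operations a restricted bash refuses.

# restricted_rejects CMD -> exit 0 if `bash -r` refuses CMD, 1 if it runs it.
restricted_rejects() {
    ! bash -r -c "$1" >/dev/null 2>&1
}

# probe LABEL CMD EXPECTED: print one report line; exit 0 if the observed
# result (refused/allowed) matches EXPECTED.
probe() {
    if restricted_rejects "$2"; then got=refused; else got=allowed; fi
    printf '%-22s %-8s %s\n' "$1" "$got" "$2"
    [ "$got" = "$3" ]
}

# Run the whole table; exit 0 only when every row behaves as documented.
# A slash in the *command name* is refused, a slash in an *argument* is not:
# `cat /dev/null` runs, so it is the set of permitted commands, not the
# restricted shell itself, that decides what the user can reach.
probe_all() {
    ok=0
    probe 'cd'                'cd /'                 refused || ok=1
    probe 'set PATH'          'PATH=/usr/bin'        refused || ok=1
    probe 'redirect output'   'echo x > /dev/null'   refused || ok=1
    probe 'slash in command'  '/bin/ls /'            refused || ok=1
    probe 'source with slash' '. /dev/null'          refused || ok=1
    probe 'exec'              'exec true'            refused || ok=1
    probe 'slash in argument' 'cat /dev/null'        allowed || ok=1
    probe 'plain builtin'     'echo hello'           allowed || ok=1
    return $ok
}

# Demo: print the table and exit non-zero if any row surprised us.
if [ -n "${RESTRICTED_DEMO:-}" ]; then
    probe_all
fi
```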

Weaknesses of a restricted shell

The restricted shell is not secure. A user can break out of the restricted environment by running any permitted program that offers a shell escape, that is, a way of starting another program. The following is an example of the shell escape in vi being used to leave the restricted shell:

user@host:~$ vi
:set shell=/bin/sh
:shell

Or by simply starting a new unrestricted shell, if it is in the {{mono|PATH}}, as demonstrated here:

user@host:~$ rbash
user@host:~$ cd /
rbash: cd: restricted
user@host:~$ bash
user@host:~$ cd /
user@host:/$
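Both escapes work for the same reason: restricted mode constrains only the words the shell itself parses, and a permitted program that starts another program is not constrained at all. The added example below (not from the article) first shows this with {{mono|env}}, which the shell will happily run and which then executes the {{mono|/bin/sh}} the shell itself would have refused, and then audits a directory of permitted commands, such as the {{mono|bin}} directory of a restricted user, for programs whose own manuals document a shell escape or an arbitrary-exec feature. The list of such programs is the example's own and is not exhaustive; the function names are also the example's own.

```shell
#!/bin/sh
# Added example: why restricted mode is not a sandbox, plus an audit of the
# directory of permitted commands.

# 1. The shell refuses `/bin/sh`, but a permitted program may run it for us:
#    the restrictions apply to what the shell parses, not to what a child does.
escape_via_env() {
    bash -r -c 'env /bin/sh -c "echo escaped"' 2>/dev/null
}

# 2. Programs with documented shell escapes or arbitrary-exec features.
#    The example's own, non-exhaustive list; extend it for your system.
#    vi/vim/view/ex: :shell, :!cmd     less/more: !cmd    man: opens a pager
#    find: -exec     awk: system()     perl/python/ruby/lua: exec/system
#    env/nice/nohup/xargs/sudo: run whatever program they are given
#    ssh: ProxyCommand    scp -S / rsync -e: external program    tar: -I
ESCAPE_CAPABLE='vi vim view ex less more man find awk gawk mawk nawk perl
python python3 ruby lua env nice nohup xargs sudo ssh scp rsync tar
bash sh dash ksh zsh'

has_escape() {
    for e in $ESCAPE_CAPABLE; do [ "$1" = "$e" ] && return 0; done
    return 1
}

# audit_restricted_bin DIR: print "name -> target" for every entry that is
# escape-capable under its own name or under the name of what it links to
# (a link called `pager` pointing at less is still less). Returns 0 when
# nothing was flagged, 1 otherwise.
audit_restricted_bin() {
    flagged=0
    for f in "$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        target=$(readlink "$f" 2>/dev/null || printf %s "$f")
        tname=${target##*/}
        if has_escape "$name" || has_escape "$tname"; then
            printf '%s -> %s\n' "$name" "$target"
            flagged=1
        fi
    done
    return $flagged
}

# Demo: RESTRICTED_DEMO=/home/alice/bin sh thisfile.sh
if [ -n "${RESTRICTED_DEMO:-}" ]; then
    escape_via_env
    audit_restricted_bin "$RESTRICTED_DEMO" && echo "nothing flagged"
fi
```

The audit is a screen, not a proof: a program absent from the list may still open a pipe to a shell, and a permitted program that can write files lets the user replace a startup file unless that file is root-owned. Confinement of a user who must not reach the rest of the system belongs to mechanisms outside the shell (a chroot, a container or mandatory access control), with the restricted shell as at most one layer.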

List of programs

Beyond the restricted modes of usual shells, specialized restricted shell programs include:

  • [http://www.pizzashack.org/rssh/ rssh] – used with OpenSSH, permitting only certain file copying programs, namely scp, sftp, rsync, cvs, and rdist
  • smrsh, which limits the commands sendmail can invoke{{cite book |last1=Costales |first1=Bryan |last2=Assmann |first2=Claus |last3=Jansen |first3=George |last4=Shapiro |first4=Gregory Neil |title=Sendmail |url=https://books.google.com/books?id=NQblqMiVqvQC |accessdate=2012-08-02 |edition=4 |series=Oreilly Series |year=2007 |publisher=O'Reilly Media, Inc. |isbn=9780596510299 |page=379 |quote=As an aid in preventing [...] attacks, V8.1 sendmail first offered the smrsh (sendmail restricted shell) program.}}
