Restricted shell

The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode operation is found in the original Bourne shell and its later counterpart Bash, and in the Korn shell. In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

Invocation

The restricted mode of the Bourne shell sh, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:

sh -r note that this conflicts with the "read" option in some sh variants
rsh note that this may conflict with the remote shell command, which is also called rsh on some systems

The restricted mode of Bash is used when Bash is invoked in one of the following ways:

rbash
bash -r
bash --restricted

Similarly the Korn shell's restricted mode is produced by invoking it thus:

rksh
ksh -r
Setting Up rbash

For some systems, the invocation through is not enabled by default, and the user obtains a error if invoked directly, or a login failure if the /etc/passwd file indicates as the user's shell.
It suffices to create a link named pointing directly to. Though this invokes Bash directly, without the or options, Bash does recognize that it was invoked through and it does come up as a restricted shell.
This can be accomplished with the following simple commands :

root@host:~# cd /bin
root@host:/bin# ln bash rbash

Limited operations

The following operations are not permitted in a restricted shell:

changing directory
specifying absolute pathnames or names containing a slash
setting the PATH or SHELL variable
redirection of output

Bash adds further restrictions, including:

limitations on function definitions
limitations on the use of slash-ed filenames in Bash builtins

Restrictions in the restricted Korn shell are much the same as those in the restricted Bourne shell.

Weaknesses of a restricted shell

The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in vi being used to escape from the restricted shell:

user@host:~$ vi

Or by simply starting a new unrestricted shell, if it is in the, as demonstrated here:

user@host:~$ rbash
user@host:~$ cd /
rbash: cd: restricted
user@host:~$ bash
user@host:~$ cd /
user@host:/$

List of programs

Beyond the restricted modes of usual shells, specialized restricted shell programs include:

– used with OpenSSH, permitting only certain file copying programs, namely scp, sftp, rsync, cvs, and rdist
smrsh, which limits the commands sendmail can invoke

Popular movies

The Hunger Games (film) - 2012 American dystopian action thriller science fiction-adventure film directed by Gary Ross and based on Suzanne Collins’s 2008 novel of the same name. It is the first insta...
untitled Captain Marvel sequel - part of Marvel Cinematic Universe....
Killers of the Flower Moon (film project) - Killers of the Flower Moon - film project in United States of America. It was presented as drama, detective fiction, thriller. The film project starred Leonardo Dicaprio, Robert De Niro. Director of...
Five Nights at Freddy's (film) - Five Nights at Freddy's - film published in 2017 in United States of America. Scenarist of the film - Scott Cawthon....

Popular books

Book of Revelation - The Book of Revelation is the final book of the New Testament, and consequently is also the final book of the Christian Bible. Its title is derived from the first word of the Koine Greek text: apok...
Book of Genesis - account of the creation of the world, the early history of humanity, Israel's ancestors and the origins...
Gospel of Matthew - The Gospel According to Matthew is the first book of the New Testament and one of the three synoptic gospels. It tells how Israel's Messiah, rejected and executed in Israel, pronounces judgement on ...
Michelin Guide - Michelin Guides are a series of guide books published by the French tyre company Michelin for more than a century. The term normally refers to the annually published Michelin Red Guide , the oldest...
Psalms - The Book of Psalms , commonly referred to simply as Psalms , the Psalter or "the Psalms", is the first book of the Ketuvim , the third section of the Hebrew Bible, and thus a book of th...
Ecclesiastes - Ecclesiastes is one of 24 books of the Tanakh , where it is classified as one of the Ketuvim . Originally written c. 450–200 BCE, it is also among the canonical Wisdom literature of the Old Tes...
The 48 Laws of Power - non-fiction book by American author Robert Greene. The book...

Popular television series

The Crown (TV series) - historical drama web television series about the reign of Queen Elizabeth II, created and principally written by Peter Morgan, and produced by Left Bank Pictures and Sony Pictures Tel...
Friends - American sitcom television series, created by David Crane and Marta Kauffman, which aired on NBC from September 22, 1994, to May 6, 2004, lasting ten seasons. With an ensemble cast sta...
Young Sheldon - spin-off prequel to The Big Bang Theory and begins with the character Sheldon...
Modern Family - American television mockumentary family sitcom created by Christopher Lloyd and Steven Levitan for the American Broadcasting Company. It ran for eleven seasons, from September 23...
Loki (TV series) - upcoming American web television miniseries created for Disney+ by Michael Waldron, based on the Marvel Comics character of the same name. It is set in the Marvel Cinematic Universe, shar...
Game of Thrones - American fantasy drama television series created by David Benioff and D. B. Weiss for HBO. It...
Shameless (American TV series) - American comedy-drama television series developed by John Wells which debuted on Showtime on January 9, 2011. It...

Restricted shell

Invocation

Setting Up rbash

Limited operations

Weaknesses of a restricted shell

List of programs