rbash - RESTRICTED SHELL

If you want to restrict someone's shell access, use rbash.

chsh -s /bin/rbash username

ref. man bash

RESTRICTED SHELL

If bash is started with the name rbash, or the -r option is supplied at
invocation, the shell becomes restricted. A restricted shell is used
to set up an environment more controlled than the standard shell. It
behaves identically to bash with the exception that the following are
disallowed or not performed:

changing directories with cd

setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV

specifying command names containing /

specifying a file name containing a / as an argument to the .
builtin command

Specifying a filename containing a slash as an argument to the
-p option to the hash builtin command

importing function definitions from the shell environment at
startup

parsing the value of SHELLOPTS from the shell environment at
startup

redirecting output using the >, >|, <>, >&, &>, and >>
redirection operators

using the exec builtin command to replace the shell with another
command

adding or deleting builtin commands with the -f and -d options
to the enable builtin command

Using the enable builtin command to enable disabled shell
builtins

specifying the -p option to the command builtin command

turning off restricted mode with set +r or set +o restricted.

These restrictions are enforced after any startup files are read.
When a command that is found to be a shell script is executed (see COM-
MAND EXECUTION above), rbash turns off any restrictions in the shell
spawned to execute the script.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

rbash - RESTRICTED SHELL

Categories:

Leave a comment

Categories

Monthly Archives

Search

March 2009

About this Entry