
If you want to restrict someone's shell access, use rbash.

chsh -s /bin/rbash username

ref. man bash


If bash is started with the name rbash, or the -r option is supplied at
invocation, the shell becomes restricted. A restricted shell is used
to set up an environment more controlled than the standard shell. It
behaves identically to bash with the exception that the following are
disallowed or not performed:

  • changing directories with cd
  • setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
  • specifying command names containing /
  • specifying a file name containing a / as an argument to the .
    builtin command
  • Specifying a filename containing a slash as an argument to the
    -p option to the hash builtin command
  • importing function definitions from the shell environment at
  • parsing the value of SHELLOPTS from the shell environment at
  • redirecting output using the >, >|, <>, >&, &>, and >>
    redirection operators
  • using the exec builtin command to replace the shell with another
  • adding or deleting builtin commands with the -f and -d options
    to the enable builtin command
  • Using the enable builtin command to enable disabled shell
  • specifying the -p option to the command builtin command
  • turning off restricted mode with set +r or set +o restricted.

    These restrictions are enforced after any startup files are read.
    When a command that is found to be a shell script is executed (see
    COMMAND EXECUTION above), rbash turns off any restrictions in the shell
    spawned to execute the script.
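
A self-check for the restrictions listed above and for the shell-script caveat in the last paragraph. This is an added example, not part of the original post or the bash man page. It uses `bash -r` in place of an rbash login, and the function names and probe command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that this system's bash enforces restricted mode.
# Assumption: `bash -r` stands in for a login shell started as rbash.

# Returns 0 if the command works in plain bash but is refused under -r,
# 1 if restricted bash ran it anyway, 2 if it fails even unrestricted.
refused_when_restricted() {
    bash -c "$1" >/dev/null 2>&1 || return 2
    ! bash -r -c "$1" >/dev/null 2>&1
}

# Returns 0 if a script found via PATH runs WITHOUT restrictions when it
# is started from a restricted shell (the caveat in the last paragraph).
script_escapes_restrictions() {
    dir=$(mktemp -d) || return 2
    # Constructed probe script: no "#!" line, so bash itself runs it.
    printf 'cd /\n' > "$dir/probe"
    chmod +x "$dir/probe"
    PATH="$dir:$PATH" bash -r -c 'probe' >/dev/null 2>&1
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# One constructed probe per restriction that can be tested non-interactively.
run_checks() {
    failures=0
    for cmd in 'cd /' 'PATH=/bin' '/bin/sh -c :' ': > /dev/null' \
               'exec true' 'command -p true' 'set +r'; do
        if refused_when_restricted "$cmd"; then
            echo "ok       refused: $cmd"
        else
            echo "PROBLEM  not refused: $cmd"
            failures=$((failures + 1))
        fi
    done
    if script_escapes_restrictions; then
        echo "note     scripts on PATH run unrestricted; keep them off a restricted user's PATH"
    fi
    return "$failures"
}

run_checks
```

The note line is the practical consequence of the man page's last paragraph: any shell script reachable through the restricted user's PATH runs with none of the restrictions applied.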

    About this Entry

    This page contains a single entry by Pank published on December 1, 2004 12:27 AM.
