Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Restricted shell
open-in-new
<h2 id="invocation">Invocation</h2> <p>The restricted mode of the Bourne shell sh, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways: </p> <ul><li>sh -r <i>note that this conflicts with the "read" option in some sh variants</i></li> <li>rsh <i>note that this may conflict with the <a href="/facts/Remote_shell/3srzDw31">remote shell</a> command, which is also called rsh on some systems</i></li></ul> <p>The restricted mode of Bash is used when Bash is invoked in one of the following ways: </p> <ul><li>rbash</li> <li>bash -r</li> <li>bash --restricted</li></ul> <p>Similarly KornShell's restricted mode is produced by invoking it thus: </p> <ul><li>rksh</li> <li>ksh -r</li></ul> <h3>Setting up rbash</h3> <p>For some systems (e.g., <a href="/facts/CentOS/FGGc2cIx">CentOS</a>), the invocation through rbash is not enabled by default, and the user obtains a command not found error if invoked directly, or a login failure if the <a href="/facts/%2fetc%2fpasswd/zumE69MQ">/etc/passwd</a> file indicates /bin/rbash as the user's shell. </p><p>It suffices to create a link named rbash pointing directly to bash. Though this invokes Bash directly, without the -r or --restricted options, Bash does recognize that it was invoked through rbash and it does come up as a restricted shell. </p><p>This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using <a href="/facts/Sudo/7jhmGdqg">sudo</a>): </p> root@host:~# cd /bin root@host:/bin# ln bash rbash <h2 id="limited-operations">Limited operations</h2> <p>The following operations are not permitted in a restricted shell: </p> <ul><li>changing directory</li> <li>specifying absolute pathnames or names containing a slash</li> <li>setting the PATH or SHELL variable</li> <li>redirection of output</li></ul> <p>Bash adds further restrictions, including:<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> </p> <ul><li>limitations on function definitions</li> <li>limitations on the use of slash-ed filenames in Bash builtins</li></ul> <p>Restrictions in the restricted KornShell are much the same as those in the restricted Bourne shell.<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> </p> <h2 id="weaknesses-of-a-restricted-shell">Weaknesses of a restricted shell</h2> <p>The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in <a href="/facts/Vi_(text_editor)/d8G1PkDh">vi</a> being used to escape from the restricted shell: </p> user@host:~$ vi :set shell=/bin/sh :shell <p>Or by simply starting a new unrestricted shell, if it is in the PATH, as demonstrated here: </p> user@host:~$ rbash user@host:~$ cd / rbash: cd: restricted user@host:~$ bash user@host:~$ cd / user@host:/$ <h2 id="list-of-programs">List of programs</h2> <p>Beyond the restricted modes of usual shells, specialized restricted shell programs include: </p> <ul><li><a href="http://www.pizzashack.org/rssh/">rssh</a> – used with <a href="/facts/OpenSSH/2qxJ3Fe7">OpenSSH</a>, permitting only certain file copying programs, namely <a href="/facts/Secure_copy/letk8brL">scp</a>, <a href="/facts/Secure_File_Transfer_Program/IcD5QFTl">sftp</a>, <a href="/facts/Rsync/H4UlsQ3U">rsync</a>, <a href="/facts/Concurrent_Versions_System/PKnqSra2">cvs</a>, and rdist</li> <li>smrsh, which limits the commands <a href="/facts/Sendmail/NBXSd1JA">sendmail</a> can invoke<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a></li></ul> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Remote_Shell/3srzDw31">Remote Shell</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"POSIX sh specification". Archived from the original on 2014-12-21. Retrieved 2010-10-04. <a href="https://web.archive.org/web/20141221210713/http://pwet.fr/man/linux/commandes/posix/sh" target="_blank">https://web.archive.org/web/20141221210713/http://pwet.fr/man/linux/commandes/posix/sh</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>GNU Bash manual <a href="https://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell" target="_blank">https://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>ksh manual, Solaris (SunOS 5.10) manual page, Oracle Inc. <a href="http://docs.sun.com/app/docs/doc/816-5165/ksh-1?l=en&n=1&a=view" target="_blank">http://docs.sun.com/app/docs/doc/816-5165/ksh-1?l=en&n=1&a=view</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>GNU Bash manual <a href="https://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell" target="_blank">https://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>ksh(1) manual page, IBM AIX documentation set <a href="http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.baseadmn/doc/baseadmndita/korn_shell_restricted.htm" target="_blank">http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.baseadmn/doc/baseadmndita/korn_shell_restricted.htm</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Costales, Bryan; Assmann, Claus; Jansen, George; Shapiro, Gregory Neil (2007). Sendmail. Oreilly Series (4 ed.). O'Reilly Media, Inc. p. 379. ISBN 9780596510299. Retrieved 2012-08-02. As an aid in preventing [...] attacks, V8.1 sendmail first offered the smrsh (sendmail restricted shell) program. <a href="9780596510299" target="_blank">9780596510299</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> </ol>