Restricted Shell

A restricted shell is designed to put the user into an environment where the ability to move around and write files is severely limited. It's usually used for guest accounts. POSIX does not specify that environments provide a restricted shell, "because it does not provide the level of security restriction that is implied by historical documentation." Nevertheless, both ksh93 and bash do provide this facility. We describe it here for both of them.

When invoked as rksh (or with the -r option), ksh93 acts as a restricted shell. You can make a user's login shell restricted by putting the full pathname to rksh in the user's /etc/passwd entry. The ksh93 executable file must have a link to it named rksh for this to work.

The specific constraints imposed by the restricted ksh93 disallow the user from doing the things described in the following list. Some of these features are specific to ksh93; for more information see Learning the Korn Shell.

  • Changing working directories: cd is inoperative. If you try to use it, you will get the error message ksh: cd: restricted.

  • Redirecting output to a file: the redirectors >, >|, <>, and >> are not allowed. This includes using exec.

  • Assigning a new value to the environment variables ENV, FPATH, PATH, or SHELL, or trying to change their attributes with typeset.

  • Specifying any pathnames of commands with slashes (/) in them. The shell only runs commands found along $PATH.

  • Adding new built-in commands with the builtin command.
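The restrictions above can be observed directly. The following is an added example, not code from the book: it uses bash's restricted mode (bash -r), since the text notes that bash provides the facility too, and it assumes bash is installed and that it refuses cd, output redirection, PATH assignment, and command names containing slashes, as ksh93 does. The probe function name and the sample commands are constructed for illustration.

```shell
#!/bin/sh
# Added example: observe which actions bash's restricted mode (bash -r) refuses.
# probe() is a hypothetical helper name, not part of bash or of the book.

probe() {
    # $1: one command line to try inside a restricted bash.
    # Prints "blocked" (shell refused it), "allowed" (it ran), or
    # "error" (it failed for a reason unrelated to the restrictions).
    workdir=$(mktemp -d) || return 2
    # Scratch directory and clean environment; keep stderr, discard stdout.
    err=$(cd "$workdir" &&
          env -i PATH="$PATH" LC_ALL=C bash -r -c "$1" 2>&1 >/dev/null)
    status=$?
    rm -rf "$workdir"
    if [ "$status" -eq 0 ]; then
        echo allowed
    elif printf '%s\n' "$err" | grep -Eq 'restricted|readonly variable'; then
        echo blocked
    else
        echo error
    fi
}

# Constructed probes, one per restriction in the list above, plus a control.
for attempt in 'cd /' 'echo hi > out.txt' 'PATH=/tmp' '/bin/echo hi' 'echo hi'
do
    printf '%-20s %s\n' "$attempt" "$(probe "$attempt")"
done
```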

Similar to ksh93 ...
