If Bash is started with the name rbash, or the --restricted or -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. A restricted shell behaves identically to bash with the exception that the following are disallowed or not performed:
- cd builtin.
- SHELL, PATH, HISTFILE, ENV, or BASH_ENV variables.
- . builtin command.
- history builtin command.
- hash builtin command.
- SHELLOPTS from the shell environment at startup.
- exec builtin to replace the shell with another command.
- enable builtin.
- enable builtin command to enable disabled shell builtins.
- command builtin.
These restrictions are enforced after any startup files are read.

When a command that is found to be a shell script is executed (see Shell Scripts), rbash turns off any restrictions in the shell spawned to execute the script.
The restricted shell mode is only one component of a useful restricted environment. It should be accompanied by setting PATH to a value that allows execution of only a few verified commands (commands that allow shell escapes are particularly vulnerable), changing the current directory to a non-writable directory other than $HOME after login, not allowing the restricted shell to execute shell scripts, and cleaning the environment of variables that cause some commands to modify their behavior (e.g., VISUAL or PAGER).
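The accompanying measures listed above can be assembled and checked in a few lines. The following is an added example, not part of the Bash manual: the allow-list (ls, cat), the temporary directory layout and the function names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: allow-list (ls, cat), layout and function names are constructed.

# Build a private command directory and a non-writable start directory.
make_env() {
    root=$(mktemp -d) || return 1
    mkdir "$root/bin" "$root/start" || return 1
    for cmd in ls cat; do
        ln -s "$(command -v "$cmd")" "$root/bin/$cmd" || return 1
    done
    chmod a-w "$root/bin" "$root/start"
    printf '%s\n' "$root"
}

# List allow-listed commands that are scripts; rbash would run them unrestricted.
audit_bin() {
    for f in "$1"/bin/*; do
        if [ "$(head -c 2 "$f")" = '#!' ]; then
            printf 'script: %s\n' "$f"
        fi
    done
}

# Run one command string under bash -r. env -i scrubs VISUAL, PAGER, BASH_ENV
# and the rest of the caller's environment; PATH is the private directory only.
run_restricted() {
    ( cd "$1/start" &&
      env -i PATH="$1/bin" "$(command -v bash)" --noprofile --norc -r -c "$2" )
}

# Print "allowed" or "blocked" according to the restricted shell's exit status.
probe() {
    if run_restricted "$1" "$2" >/dev/null 2>&1; then
        echo allowed
    else
        echo blocked
    fi
}

cleanup_env() {
    chmod u+w "$1/bin" "$1/start" && rm -rf "$1"
}

root=$(make_env) || exit 1
audit_bin "$root"
for c in 'ls' 'cd /' 'PATH=/bin' '/bin/ls' 'exec ls'; do
    printf '%-10s %s\n' "$c" "$(probe "$root" "$c")"
done
cleanup_env "$root"
```

Only the bare `ls` should be reported as allowed. Any line printed by audit_bin names an allow-listed command that is a script and therefore needs review before it is exposed.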
Modern systems provide more secure ways to implement a restricted environment, such as jails, zones, or containers.