{{how-to|date=October 2017}}
The '''restricted shell''' is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to prevent execution of entirely untrusted software. A restricted mode of operation is found in the original Bourne shell<ref name="posix_sh">{{Cite web |url=http://pwet.fr/man/linux/commandes/posix/sh |title=POSIX sh specification |access-date=2010-10-04 |archive-date=2014-12-21 |archive-url=https://web.archive.org/web/20141221210713/http://pwet.fr/man/linux/commandes/posix/sh |url-status=dead }}</ref> and its later counterpart Bash,<ref name="bash_manual">[https://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell GNU Bash manual]</ref> and in the KornShell.<ref name="ksh_manual">[http://docs.sun.com/app/docs/doc/816-5165/ksh-1?l=en&n=1&a=view ksh manual], Solaris (SunOS 5.10) manual page, Oracle Inc.</ref> In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

==Invocation==
The restricted mode of the Bourne shell {{mono|sh}}, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:
* {{kbd|sh -r}} &nbsp;&nbsp;&nbsp;''note that this conflicts with the "read" option in some {{mono|sh}} variants''
* {{kbd|rsh}} &nbsp;&nbsp;&nbsp;''note that this may conflict with the remote shell command, which is also called {{mono|rsh}} on some systems''

The restricted mode of Bash is used when Bash is invoked in one of the following ways:
* {{kbd|rbash}}
* {{kbd|bash -r}}
* {{kbd|bash --restricted}}

Similarly KornShell's restricted mode is produced by invoking it thus:
* {{kbd|rksh}}
* {{kbd|ksh -r}}

===Setting up rbash===

On some systems (e.g., CentOS), invocation through {{mono|rbash}} is not enabled by default: a user who invokes it directly gets a {{samp|command not found|color=red}} error, and login fails if the {{mono|/etc/passwd}} file indicates {{mono|/bin/rbash}} as the user's shell.

It suffices to create a link named {{mono|rbash}} pointing directly to {{mono|bash}}. Though this invokes Bash directly, without the {{kbd|-r}} or {{kbd|--restricted}} options, Bash does recognize that it was invoked through {{mono|rbash}} and it does come up as a restricted shell.

This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using sudo):
<syntaxhighlight lang="console">
root@host:~# cd /bin
root@host:/bin# ln bash rbash
</syntaxhighlight>

==Limited operations==
The following operations are not permitted in a restricted shell:

* changing directory
* specifying absolute pathnames or names containing a slash
* setting the PATH or SHELL variable
* redirection of output

Bash adds further restrictions, including:<ref name="bash_manual"/>
* limitations on function definitions
* limitations on the use of slash-ed filenames in Bash builtins

Restrictions in the restricted KornShell are much the same as those in the restricted Bourne shell.<ref name="aix_ksh_manual">[http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.baseadmn/doc/baseadmndita/korn_shell_restricted.htm ksh(1) manual page], IBM AIX documentation set</ref>

==Weaknesses of a restricted shell==
The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in vi being used to escape from the restricted shell:
<syntaxhighlight lang="console">
user@host:~$ vi
</syntaxhighlight>
<syntaxhighlight lang="vim">
:set shell=/bin/sh
:shell
</syntaxhighlight>
Or by simply starting a new unrestricted shell, if it is in the {{mono|PATH}}, as demonstrated here:
<syntaxhighlight lang="console">
user@host:~$ rbash
user@host:~$ cd /
rbash: cd: restricted
user@host:~$ bash
user@host:~$ cd /
user@host:/$
</syntaxhighlight>
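Both escapes above depend on what the restricted account's {{mono|PATH}} contains. As an added example (not from the article or from any shell's documentation), the POSIX sh function below audits such a PATH: it flags any entry that is the same file as an unrestricted shell unless it is named {{mono|rbash}}, {{mono|rksh}} or {{mono|rsh}}, and any program missing from an administrator-reviewed allowlist. The function names, the allowlist argument and the fallback shell paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): audit the PATH handed to a
# restricted-shell account. Function names and the allowlist are assumptions.
# Usage (constructed values): audit_rpath "/home/guest/bin" "ls cat rbash"

# Names under which a shell binary starts in restricted mode (per the article).
RESTRICTED_NAMES="rbash rksh rsh"

# Candidate unrestricted shells: /etc/shells if readable, plus common paths
# (the fallback paths are an assumption about the host).
known_shells() {
    if [ -r /etc/shells ]; then grep '^/' /etc/shells || true; fi
    printf '%s\n' /bin/sh /bin/bash /bin/ksh /bin/dash
}

# has_word WORD "LIST": true if WORD is one of the space-separated LIST items.
has_word() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# audit_rpath PATHSTRING "ALLOWED NAMES"
# Prints one finding per line and returns 1 if anything was flagged.
audit_rpath() {
    allowed=$2 rc=0 shells=$(known_shells)
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        IFS=$old_ifs
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/} hit=""
            # -ef compares device and inode, so symlinks and hard links
            # (such as "ln bash rbash") are both resolved.
            for s in $shells; do
                if [ "$f" -ef "$s" ]; then hit=$s; break; fi
            done
            if [ -n "$hit" ] && ! has_word "$name" "$RESTRICTED_NAMES"; then
                echo "SHELL $f is $hit"; rc=1
            elif ! has_word "$name" "$allowed"; then
                echo "UNLISTED $f"; rc=1
            fi
        done
    done
    IFS=$old_ifs
    return $rc
}
```

A shell binary is reported even when its name is on the allowlist, because only the invocation name distinguishes {{mono|rbash}} from {{mono|bash}}; programs with a shell function, such as vi, are caught only by keeping them off the allowlist.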

== List of programs ==
Beyond the restricted modes of usual shells, specialized restricted shell programs include:
* <code>[http://www.pizzashack.org/rssh/ rssh]</code> – used with OpenSSH, permitting only certain file copying programs, namely scp, sftp, rsync, cvs, and rdist
* <code>smrsh</code>, which limits the commands sendmail can invoke<ref> {{cite book | last1 = Costales | first1 = Bryan | last2 = Assmann | first2 = Claus | last3 = Jansen | first3 = George | author3-link = | last4 = Shapiro | first4 = Gregory Neil | title = Sendmail | url = https://books.google.com/books?id=NQblqMiVqvQC | accessdate = 2012-08-02 | edition = 4 | series = Oreilly Series | year = 2007 | publisher = O'Reilly Media, Inc. | isbn = 9780596510299 | page = 379 | quote = As an aid in preventing [...] attacks, V8.1 ''sendmail'' first offered the ''smrsh'' ('''s'''end'''m'''ail '''r'''estricted '''sh'''ell) program. }} </ref>

== See also ==
* Remote Shell

==References==
{{reflist}}
