Using the Restricted Shell
The standard shell allows a user to open files, execute commands, and so on. The restricted shell can be used to limit the ability of a user to change directories and execute commands. The restricted shell (rsh) is located in the /usr/lib directory. (Note that this is not the remote shell, which is /usr/sbin/rsh.) The restricted shell differs from the normal shell in these ways:
-
The user is limited to the home directory (can't use cd to change directories).
-
The user can use only commands in the PATH set by the system administrator (can't change the PATH variable).
-
The user can access only files in the home directory and its subdirectories (can't name commands or files using a complete path name).
-
The user cannot redirect output with > or >>.
The restricted shell allows the system administrator to limit a user's ability to stray into the system files, and is intended mainly to set up a user who needs to perform specific tasks. The rsh is not completely secure, however, and is only intended to keep unskilled users from getting into (or causing) trouble.
See rsh(1M) for information about the restricted shell.
- © 2010, Oracle Corporation and/or its affiliates