Using the Restricted Shell
The standard shell allows a user to open files, execute commands, and so on. The restricted shell (rsh) can be used to limit the ability of a user to change directories and execute commands. The restricted shell is located in the /usr/lib directory. Note that the restricted shell is not the remote shell, which is /usr/sbin/rsh. The restricted shell differs from the standard shell in these ways:
-
The user is limited to the home directory, so the user cannot use the cd command to change directories.
-
The user can use only commands in the PATH set by the system administrator, so the user cannot change the PATH variable.
-
The user can access only files in the home directory and its subdirectories, so the user cannot name commands or files by using a complete path name.
-
The user cannot redirect output with > or >>.
The restricted shell allows the system administrator to limit a user's ability to stray into the system files, and is intended mainly to set up a user who needs to perform specific tasks. The restricted shell is not completely secure, however, and is only intended to keep unskilled users from getting into (or causing) trouble.
For information about the restricted shell, see the rsh(1M) man page.
A more secure alternative to the restricted shell is the Secure Shell (ssh), which enables users to securely access a remote host over an unsecured network. For information about using the Secure Shell, see Chapter 5, Secure Shell Administration (Reference).
- © 2010, Oracle Corporation and/or its affiliates