Assigning a Restricted Shell to Users
The standard shell allows a user to open files, execute commands, and so on. The
restricted shell limits the ability of a user to change directories and to execute
commands. The restricted shell is invoked with the /usr/lib/rsh
command. Note that the restricted shell is not the remote shell, which is
/usr/sbin/rsh
.
The restricted shell differs from a standard shell in the following ways:
-
User access is limited to the user's home directory, so the user cannot use the
cd
command to change directories. Therefore, the user cannot browse system files. -
The user cannot change the
PATH
variable, so the user can use commands only in the path that is set by the system administrator. The user also cannot execute commands or scripts by using a complete path name. -
The user cannot redirect output with
>
or>>
.
The restricted shell enables you to limit a user's ability to stray into system files. The shell creates a limited environment for a user who needs to perform specific tasks. The restricted shell is not completely secure, however, and is intended only to keep unskilled users from inadvertently doing damage.
For information about the restricted shell, use the man -s8
rsh
command to see the
rsh
(8) man page.