The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode operation is found in the original Bourne shell and its later counterpart bash, and in the Korn shell. In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.
Contents
Invocation
The restricted mode of the Bourne shell sh, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:
The restricted mode of bash is used when bash is invoked in one of the following ways:
Similarly the Korn shell's restricted mode is produced by invoking it thus:
Setting Up rbash
For some systems (e.g., CentOS), the invocation through rbash is not enabled by default, and the user obtains a command not found error if invoked directly, or a login failure if the /etc/passwd file indicates /bin/rbash as the user's shell.
It suffices to create a link named rbash pointing directly to bash. Though this invokes bash directly, without the -r or --restricted options, bash does recognize that it was invoked through rbash and it does come up as a restricted shell.
This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using sudo):
Limited operations
The following operations are not permitted in a restricted shell:
bash adds further restrictions, including:
Restrictions in the restricted Korn shell are much the same as those in the restricted Bourne shell.
Weaknesses of a restricted shell
The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in vi being used to escape from the restricted shell:
Or by simply starting a new unrestricted shell, if it is in the PATH, as demonstrated here:
List of programs
Beyond the restricted modes of usual shells, specialized restricted shell programs include:
rssh
– used with OpenSSH, permitting only certain file copying programs, namely scp, sftp, rsync, cvs, and rdistsmrsh
, which limits the commands sendmail
can invoke