This articlecontainsinstructions, advice, or how-to content. Please helprewrite the content so that it is more encyclopedic ormove it toWikiversity,Wikibooks, orWikivoyage.(October 2017)

Therestricted shell is aUnix shell that restricts some of the capabilities available to an interactive user session, or to ashell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode operation is found in the originalBourne shell^[1] and its later counterpartBash,^[2] and in theKornShell.^[3] In some cases a restricted shell is used in conjunction with achroot jail, in a further attempt to limit access to the system as a whole.

The restricted mode of the Bourne shellsh, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:

• sh -r    note that this conflicts with the "read" option in somesh variants
• rsh    note that this may conflict with theremote shell command, which is also calledrsh on some systems

The restricted mode of Bash is used when Bash is invoked in one of the following ways:

• rbash
• bash -r
• bash --restricted

Similarly KornShell's restricted mode is produced by invoking it thus:

• rksh
• ksh -r

For some systems (e.g.,CentOS), the invocation throughrbash is not enabled by default, and the user obtains acommand not found error if invoked directly, or a login failure if the/etc/passwd file indicates/bin/rbash as the user's shell.

It suffices to create a link namedrbash pointing directly tobash. Though this invokes Bash directly, without the-r or--restricted options, Bash does recognize that it was invoked throughrbash and it does come up as a restricted shell.

This can be accomplished with the following simple commands (executed as root, either logged in as user root, or usingsudo):

root@host:~#cd/binroot@host:/bin#lnbashrbash

The following operations are not permitted in a restricted shell:

• changing directory
• specifying absolute pathnames or names containing a slash
• setting the PATH or SHELL variable
• redirection of output

Bash adds further restrictions, including:^[2]

• limitations on function definitions
• limitations on the use of slash-ed filenames in Bash builtins

Restrictions in the restricted KornShell are much the same as those in the restricted Bourne shell.^[4]

The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function invi being used to escape from the restricted shell:

user@host:~$vi

:setshell=/bin/sh:shell

Or by simply starting a new unrestricted shell, if it is in thePATH, as demonstrated here:

user@host:~$rbashuser@host:~$cd/rbash: cd: restricteduser@host:~$bashuser@host:~$cd/user@host:/$

Beyond the restricted modes of usual shells, specialized restricted shell programs include:

• rssh – used withOpenSSH, permitting only certain file copying programs, namelyscp,sftp,rsync,cvs, and rdist
• smrsh, which limits the commandssendmail can invoke^[5]

• Remote Shell

• Command shells

• Articles needing cleanup from October 2017
• All pages needing cleanup
• Articles containing how-to sections