第172页 | Learning the Bash Shell | 阅读 ‧ 电子书库

Restricted Shell

The restricted shell is designed to put the user into an environment where her ability to move around and write files is severely limited. It's usually used for "guest" accounts.[11] You can make a user's login shell restricted by putting rbash in the user's /etc/passwd entry.[12]

The specific constraints imposed by the restricted shell disallow the user from doing the following:

 

Changing working directories: cd is inoperative. If you try to use it, you will get the error message bash: cd: restricted.Redirecting output to a file: the redirectors >, >|, <>, and >> are not allowed. Assigning a new value to the environment variables ENV, BASH_ENV, SHELL, or PATH. Specifying any commands with slashes (/) in them. The shell will treat files outside of the current directory as "not found." Using the exec built-in.Specifying a filename containing a / as an argument to the . built-in command.Importing function definitions from the shell environment at startup. Adding or deleting built-in commands with the -f and -d options to the enable built-in command. Specifying the -p option to the builtin command.Turning off restricted mode with set +r.

These restrictions go into effect after the user's .bash_profile and environment files are run. In addition, it is wise to change the owner of the users' .bash_profile and .bashrc to root, and make these files read-only. The users' home directory should also be made read-only.

This means that the restricted shell user's entire environment is set up in /etc/profile and .bash_profile. Since the user can't access /etc/profile and can't overwrite .bash_profile, this lets the system administrator configure the environment as he sees fit.

Two common ways of setting up such environments are to set up a directory of "safe" commands and have that directory be the only one in PATH, and to set up a command menu from which the user can't escape without exiting the shell.