Restricted shell
The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode of operation is found in the original Bourne shell and its later counterpart Bash, and in the KornShell. In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.
Invocation
The restricted mode of the Bourne shell sh, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways: The restricted mode of Bash is used when Bash is invoked in one of the following ways: Similarly KornShell's restricted mode is produced by invoking it thus:
Setting up rbash
On some systems (e.g., CentOS), invocation through rbash is not enabled by default: a user who invokes rbash directly gets a command not found error, and a user whose shell is set to /bin/rbash in /etc/passwd gets a login failure. It suffices to create a link named rbash pointing directly to bash. Though this invokes Bash directly, without the -r or --restricted options, Bash recognizes that it was invoked through rbash and comes up as a restricted shell. This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using sudo):
Limited operations
The following operations are not permitted in a restricted shell: Bash adds further restrictions, including: Restrictions in the restricted KornShell are much the same as those in the restricted Bourne shell.
Weaknesses of a restricted shell
The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in vi being used to escape from the restricted shell: Or by simply starting a new unrestricted shell, if it is in the PATH, as demonstrated here:
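Both escape routes depend on what the restricted user can reach through PATH. The script below is an added example, not part of the original article: it audits a directory intended as a restricted user's PATH and reports entries that resolve to a shell or to a program with a shell function. The function names and the two name lists are assumptions made for illustration (the article names only vi), and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original article: audit the directory used as a
# restricted user's PATH for the two escape routes described above.

# Assumption: illustrative, non-exhaustive name lists; the article names only vi.
SHELL_NAMES="sh bash dash ash ksh mksh zsh csh tcsh fish busybox"
ESCAPE_NAMES="vi"

# in_list WORD LIST: succeed if WORD is one of the space-separated words in LIST
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# same_as_login_shell FILE: succeed if FILE is byte-identical to an /etc/shells
# entry, which catches a shell copied into the directory under another name
same_as_login_shell() {
    [ -r /etc/shells ] || return 1
    while IFS= read -r s; do
        case "$s" in /*) [ -f "$s" ] && cmp -s "$1" "$s" && return 0 ;; esac
    done < /etc/shells
    return 1
}

# audit_restricted_path DIR: print one "KIND name" line per risky entry
audit_restricted_path() {
    for entry in "$1"/*; do
        [ -x "$entry" ] && [ ! -d "$entry" ] || continue
        name=$(basename "$entry")
        target=$(readlink -f "$entry") || continue   # follow symlinks to the real file
        real=$(basename "$target")
        if in_list "$real" "$SHELL_NAMES" || same_as_login_shell "$target"; then
            echo "SHELL $name"     # an unrestricted shell reachable from PATH
        elif in_list "$name" "$ESCAPE_NAMES" || in_list "$real" "$ESCAPE_NAMES"; then
            echo "ESCAPE $name"    # a program that features a shell function
        fi
    done
}

# Stand-alone use: sh audit.sh /path/to/restricted/bin
if [ "$#" -gt 0 ]; then
    audit_restricted_path "$1"
fi
```

An empty report only means none of the listed names matched; extend both lists to cover every program actually installed for the restricted account.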
List of programs
Beyond the restricted modes of usual shells, specialized restricted shell programs include:
This article is derived from Wikipedia and licensed under CC BY-SA 4.0.