source: Daodan/MSYS2/usr/share/doc/bash/RBASH@ 1181

Last change on this file since 1181 was 1166, checked in by rossy, 3 years ago

Daodan: Replace MinGW build env with an up-to-date MSYS2 env

File size: 2.4 KB
6.10 The Restricted Shell
=========================

If Bash is started with the name 'rbash', or the '--restricted' or '-r'
option is supplied at invocation, the shell becomes restricted. A
restricted shell is used to set up an environment more controlled than
the standard shell. A restricted shell behaves identically to 'bash'
with the exception that the following are disallowed or not performed:

   * Changing directories with the 'cd' builtin.
   * Setting or unsetting the values of the 'SHELL', 'PATH', 'HISTFILE',
     'ENV', or 'BASH_ENV' variables.
   * Specifying command names containing slashes.
   * Specifying a filename containing a slash as an argument to the '.'
     builtin command.
   * Specifying a filename containing a slash as an argument to the
     'history' builtin command.
   * Specifying a filename containing a slash as an argument to the '-p'
     option to the 'hash' builtin command.
   * Importing function definitions from the shell environment at
     startup.
   * Parsing the value of 'SHELLOPTS' from the shell environment at
     startup.
   * Redirecting output using the '>', '>|', '<>', '>&', '&>', and '>>'
     redirection operators.
   * Using the 'exec' builtin to replace the shell with another command.
   * Adding or deleting builtin commands with the '-f' and '-d' options
     to the 'enable' builtin.
   * Using the 'enable' builtin command to enable disabled shell
     builtins.
   * Specifying the '-p' option to the 'command' builtin.
   * Turning off restricted mode with 'set +r' or 'set +o restricted'.

These restrictions are enforced after any startup files are read.

When a command that is found to be a shell script is executed (*note
Shell Scripts::), 'rbash' turns off any restrictions in the shell
spawned to execute the script.

The restricted shell mode is only one component of a useful restricted
environment. It should be accompanied by setting 'PATH' to a value that
allows execution of only a few verified commands (commands that allow
shell escapes are particularly vulnerable), leaving the user in a
non-writable directory other than his home directory after login, not
allowing the restricted shell to execute shell scripts, and cleaning the
environment of variables that cause some commands to modify their
behavior (e.g., 'VISUAL' or 'PAGER').

Modern systems provide more secure ways to implement a restricted
environment, such as 'jails', 'zones', or 'containers'.
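
The accompanying measures listed above (a 'PATH' limited to verified
commands, a non-writable start directory, no shell scripts, a cleaned
environment) can be checked from the login path before 'rbash' is started.
This is an added example, not part of the Bash documentation; the user name,
directories and allowlist passed to 'audit_rbash_env' are assumptions chosen
by the operator.

```sh
#!/bin/sh
# Added example: pre-login audit of an rbash account's environment.
# Usage: audit_rbash_env USER BIN_DIR START_DIR ALLOWED_COMMAND...
# USER, both directories and the allowlist are the operator's own choices.

# True if $1 is owned by user $2 or is group- or world-writable.
loose_perms() {
    owner=$(ls -ld "$1" | awk '{print $3}')
    if [ "$owner" = "$2" ]; then return 0; fi
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_rbash_env() {
    user=$1 bin_dir=$2 start_dir=$3
    shift 3
    findings=0

    # PATH must name a directory the restricted user cannot add commands to.
    if loose_perms "$bin_dir" "$user"; then note "$bin_dir can be modified"; fi
    # The user should land in a non-writable directory other than home.
    if loose_perms "$start_dir" "$user"; then note "$start_dir can be modified"; fi

    for f in "$bin_dir"/*; do
        [ -e "$f" ] || continue
        name=${f##*/} ok=no
        for a in "$@"; do
            if [ "$a" = "$name" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || note "$name is reachable via PATH but not verified"
        # Scripts run outside restricted mode; only '#!' scripts are detected.
        if [ -f "$f" ] && head -c 2 "$f" | grep -q '^#!'; then
            note "$name is a script and would run unrestricted"
        fi
    done

    # Variables that make some commands change behaviour must be cleaned.
    for v in VISUAL PAGER; do
        eval "val=\${$v-}"
        if [ -n "$val" ]; then note "$v is set to '$val'"; fi
    done
    [ "$findings" -eq 0 ]
}

if [ "$#" -ge 3 ]; then audit_rbash_env "$@"; fi
```

The function prints one 'FINDING:' line per problem and returns non-zero if
any were found, so a login wrapper can refuse to start the restricted shell.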