Re: Keep users from executing system commands

s keeling writes:
Just curious. Does "export PATH=$PATH:$blah" work in rsh? I've never
used/needed it, so I've no idea of what it can do.


RBASH(1) RBASH(1)

NAME
rbash - restricted bash, see bash(1)

RESTRICTED SHELL
If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes
restricted. A restricted shell is used to set up an environment more controlled than the standard shell.
It behaves identically to bash with the exception that the following are disallowed or not performed:

· changing directories with cd

· setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV

· specifying command names containing /

· specifying a file name containing a / as an argument to the . builtin command

· Specifying a filename containing a slash as an argument to the -p option to the hash builtin com-
mand

· importing function definitions from the shell environment at startup

· parsing the value of SHELLOPTS from the shell environment at startup

· redirecting output using the >, >|, <>, >&, &>, and >> redirection operators

· using the exec builtin command to replace the shell with another command

· adding or deleting builtin commands with the -f and -d options to the enable builtin command

· Using the enable builtin command to enable disabled shell builtins

· specifying the -p option to the command builtin command

· turning off restricted mode with set +r or set +o restricted.

These restrictions are enforced after any startup files are read.

When a command that is found to be a shell script is executed, rbash turns off any restrictions in the
shell spawned to execute the script.

SEE ALSO
bash(1)

--
John Hasler
john@xxxxxxxxxx
Dancing Horse Hill
Elmwood, WI USA
.

Relevant Pages

  • Re: Monitoring users cding out of their ~
    ... Why not just give them a restricted shell, so that they can't cd out ... · changing directories with cd ... specifying a file name containing a / as an argument ... -p option to the hash builtin command ...
    (comp.os.linux.security)
  • [gnu.bash.bug] BASH Frequently-Asked Questions (FAQ version 3.30)
    ... This is the Bash FAQ, version 3.30, for Bash version 3.0. ... Bash, the GNU Bourne-Again Shell. ... C3) Which new features in ksh-93 are not in bash, ... D1) Why does bash run a different version of `command' than ...
    (comp.unix.questions)
  • [gnu.bash.bug] BASH Frequently-Asked Questions (FAQ version 3.25)
    ... This is the Bash FAQ, version 3.25, for Bash version 2.05b. ... Bash, the GNU Bourne-Again Shell. ... C3) Which new features in ksh-93 are not in bash, ... D1) Why does bash run a different version of `command' than ...
    (comp.unix.questions)
  • [gnu.bash.bug] BASH Frequently-Asked Questions (FAQ version 3.26)
    ... This is the Bash FAQ, version 3.26, for Bash version 2.05b. ... Bash, the GNU Bourne-Again Shell. ... C3) Which new features in ksh-93 are not in bash, ... D1) Why does bash run a different version of `command' than ...
    (comp.unix.questions)
  • [gnu.bash.bug] BASH Frequently-Asked Questions (FAQ version 3.25)
    ... This is the Bash FAQ, version 3.25, for Bash version 2.05b. ... Bash, the GNU Bourne-Again Shell. ... C3) Which new features in ksh-93 are not in bash, ... D1) Why does bash run a different version of `command' than ...
    (comp.unix.questions)