| Jari Aalto | 95732b4 | 2005-12-07 14:08:12 +0000 | [diff] [blame] | 1 | 6.10 The Restricted Shell |
| 2 | ========================= |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 3 | |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 4 | If Bash is started with the name 'rbash', or the '--restricted' or '-r' |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 5 | option is supplied at invocation, the shell becomes restricted. A |
| 6 | restricted shell is used to set up an environment more controlled than |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 7 | the standard shell. A restricted shell behaves identically to 'bash' |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 8 | with the exception that the following are disallowed or not performed: |
| 9 | |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 10 | * Changing directories with the 'cd' builtin. |
| 11 | * Setting or unsetting the values of the 'SHELL', 'PATH', 'ENV', or |
| 12 | 'BASH_ENV' variables. |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 13 | * Specifying command names containing slashes. |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 14 | * Specifying a filename containing a slash as an argument to the '.' |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 15 | builtin command. |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 16 | * Specifying a filename containing a slash as an argument to the '-p' |
| 17 | option to the 'hash' builtin command. |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 18 | * Importing function definitions from the shell environment at |
| 19 | startup. |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 20 | * Parsing the value of 'SHELLOPTS' from the shell environment at |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 21 | startup. |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 22 | * Redirecting output using the '>', '>|', '<>', '>&', '&>', and '>>' |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 23 | redirection operators. |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 24 | * Using the 'exec' builtin to replace the shell with another command. |
| 25 | * Adding or deleting builtin commands with the '-f' and '-d' options |
| 26 | to the 'enable' builtin. |
| 27 | * Using the 'enable' builtin command to enable disabled shell |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 28 | builtins. |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 29 | * Specifying the '-p' option to the 'command' builtin. |
| 30 | * Turning off restricted mode with 'set +r' or 'set +o restricted'. |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 31 | |
| 32 | These restrictions are enforced after any startup files are read. |
| 33 | |
| 34 | When a command that is found to be a shell script is executed (*note |
| Chet Ramey | a0c0a00 | 2016-09-15 16:59:08 -0400 | [diff] [blame^] | 35 | Shell Scripts::), 'rbash' turns off any restrictions in the shell |
| Jari Aalto | 7117c2d | 2002-07-17 14:10:11 +0000 | [diff] [blame] | 36 | spawned to execute the script. |
| 37 | |