blob: ebd414ca65b7e61f279dd4bac47fbf75275ac4ba (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
RBASH(1) RBASH(1)
NNAAMMEE
rbash - restricted bash, see bbaasshh(1)
RREESSTTRRIICCTTEEDD SSHHEELLLL
If bbaasshh is started with the name rrbbaasshh, or the --rr option is supplied at
invocation, the shell becomes restricted. A restricted shell is used
to set up an environment more controlled than the standard shell. It
behaves identically to bbaasshh with the exception that the following are
disallowed or not performed:
+o changing directories with ccdd
+o setting or unsetting the values of SSHHEELLLL, PPAATTHH, EENNVV, or BBAASSHH__EENNVV
+o specifying command names containing //
+o specifying a file name containing a // as an argument to the ..
builtin command
+o specifying a filename containing a slash as an argument to the
--pp option to the hhaasshh builtin command
+o importing function definitions from the shell environment at
startup
+o parsing the value of SSHHEELLLLOOPPTTSS from the shell environment at
startup
+o redirecting output using the >, >|, <>, >&, &>, and >> redirect-
ion operators
+o using the eexxeecc builtin command to replace the shell with another
command
+o adding or deleting builtin commands with the --ff and --dd options
to the eennaabbllee builtin command
+o using the eennaabbllee builtin command to enable disabled shell
builtins
+o specifying the --pp option to the ccoommmmaanndd builtin command
+o turning off restricted mode with sseett ++rr or sseett ++oo rreessttrriicctteedd.
These restrictions are enforced after any startup files are read.
When a command that is found to be a shell script is executed, rrbbaasshh
turns off any restrictions in the shell spawned to execute the script.
SSEEEE AALLSSOO
bash(1)
GNU Bash-4.0 2004 Apr 20 RBASH(1)
|