rbash – Set Restricted shell in Linux
rbash stands for restricted bash shell. In UNIX like operating when a user is created a default shell (/bin/bash) is assigned. So a user can move to any body's directories , so to avoid this situation we can assign the restricted shell to a user , restricted shell is just like a jail like environment or chroot environment.
Why rbash ?
If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:
- changing directories with cd
- setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
- specifying command names containing /
- specifying a file name containing a / as an argument to the builtin command
- specifying a filename containing a slash as an argument to the -p option to the hash builtin command
- importing function definitions from the shell environment at startup
- parsing the value of SHELLOPTS from the shell environment at startup
- redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
- using the exec builtin command to replace the shell with another command
- adding or deleting builtin commands with the -f and -d options to the enable builtin command
- using the enable builtin command to enable disabled shell builtins
- specifying the -p option to the command builtin command.
- turning off restricted mode with set +r or set +o restricted.
How To Set Restricted Shell
Set the environment you want it for a particular user and can put them startup file:$HOME/.bash_profile, as show below :
# .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/bin export PATH bash -r
Now Login with the User & try to change the directories.
[test@puppetmaster ~]$ cd /etc/ bash: cd: restricted [test@puppetmaster ~]$ cd /tmp/ bash: cd: restricted
For Setting Restricted Shell for All Users , create a symbolic link of /bin/bash to /bin/rbash
# cd /bin # ln -s bash rbash