rbash – Set Restricted shell in Linux


Overview:

rbash stands for restricted bash shell. In UNIX-like operating systems, a user is assigned a default shell (/bin/bash) when the account is created, so the user can move into anybody's directories. To avoid this, we can assign the user a restricted shell. A restricted shell is like a jail or chroot environment.

Why rbash?

If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:

  • changing directories with cd
  • setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
  • specifying command names containing /
  • specifying a filename containing a / as an argument to the . builtin command
  • specifying a filename containing a slash as an argument to the -p option to the hash builtin command
  • importing function definitions from the shell environment at startup
  • parsing the value of SHELLOPTS from the shell environment at startup
  • redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
  • using the exec builtin command to replace the shell with another command
  • adding or deleting builtin commands with the -f and -d options to the enable builtin command
  • using the enable builtin command to enable disabled shell builtins
  • specifying the -p option to the command builtin command
  • turning off restricted mode with set +r or set +o restricted

How To Set Restricted Shell

Set up the environment you want for a particular user in the startup file $HOME/.bash_profile, as shown below:

# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
# User specific environment and startup programs
export PATH
# Replace the login shell with a restricted bash, so that no
# unrestricted parent shell is left running underneath it
exec bash -r

Now log in as the user and try to change directories.

[test@puppetmaster ~]$ cd /etc/
bash: cd: restricted
[test@puppetmaster ~]$ cd /tmp/
bash: cd: restricted
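
The manual cd test above covers only one restriction. As an added example (not part of the original article), the script below probes several items from the list by running a harmless command first in a normal bash and then under bash -r. The function names and probe commands are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that `bash -r` enforces the restrictions listed above.
# Function names and probe commands are assumptions made for this example.

# is_restricted CMD
#   0 = CMD works in plain bash but is refused under bash -r (enforced)
#   1 = CMD still works under bash -r (not enforced)
#   2 = CMD fails even in plain bash, so the probe proves nothing
is_restricted() {
    bash --noprofile --norc -c "$1" </dev/null >/dev/null 2>&1 || return 2
    if bash --noprofile --norc -r -c "$1" </dev/null >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# audit_rbash: run every probe, print one line per restriction and
# return the number of restrictions that were not enforced.
audit_rbash() {
    failures=0
    while IFS='|' read -r label probe; do
        if is_restricted "$probe"; then
            echo "enforced      $label"
        else
            echo "NOT ENFORCED  $label"
            failures=$((failures + 1))
        fi
    done <<'EOF'
cd|cd /
set PATH|PATH=/usr/bin
command name containing /|/bin/sh -c :
. with a filename containing /|. /dev/null
output redirection|echo x > /dev/null
exec|exec true
command -p|command -p true
set +r|set +r; cd /
EOF
    return "$failures"
}

audit_rbash
```

A non-zero exit status from audit_rbash is the number of restrictions that did not hold on the host where it was run.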


To set a restricted shell for all users, create a symbolic link /bin/rbash that points to /bin/bash:

# cd /bin
# ln -s bash rbash