If Bash is started with the name rbash, or the --restricted or -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. A restricted shell behaves identically to bash with the exception that the following are disallowed or not performed:
* Changing directories with the cd built-in.
* Setting or unsetting the values of the SHELL, PATH, ENV, or BASH_ENV variables.
* Specifying command names containing slashes.
* Specifying a filename containing a slash as an argument to the . built-in command.
* Specifying a filename containing a slash as an argument to the -p option to the hash built-in command.
* Importing function definitions from the shell environment at startup.
* Parsing the value of SHELLOPTS from the shell environment at startup.
* Redirecting output using the ‘>’, ‘>|’, ‘<>’, ‘>&’, ‘&>’, and ‘>>’ redirection operators.
* Using the exec built-in to replace the shell with another command.
* Adding or deleting built-in commands with the -f and -d options to the enable built-in.
* Using the enable built-in command to enable disabled shell built-ins.
* Specifying the -p option to the command built-in.
Turning off restricted mode with ‘set +r’ or ‘set +o restricted’.
Below is simple bash script ...
feel free to copy and use this code.
Source: cat restricted.sh
#!/bin/bash
echo
echo "changing the dir"
cd /usr/local
echo "Current location: $(pwd)"
echo "Back to original dir"
cd
echo "Now, the current location: $(pwd)"
echo
echo "Setting the restricted mode"
set -r
echo
echo "changing the directory"
cd /usr/local
echo "Current location: $(pwd)"
echo
echo "changing the shell varaible"
SHELL="/bin/false"
echo
echo "Now, the value of SHELL is $SHELL"
echo
echo "Redirect the output"
ls -l > list.txt
Output: ./restricted.sh
changing the dir
Current location: /usr/local
Back to original dir
Now, the current location: /home/poison
Setting the restricted mode
changing the directory
./restricted.sh: line 17: cd: restricted
Current location: /home/poison
changing the shell varaible
./restricted.sh: line 22: SHELL: readonly variable
Now, the value of SHELL is /bin/bash
Redirect the output
./restricted.sh: line 28: list.txt: restricted: cannot redirect output
* Changing directories with the cd built-in.
* Setting or unsetting the values of the SHELL, PATH, ENV, or BASH_ENV variables.
* Specifying command names containing slashes.
* Specifying a filename containing a slash as an argument to the . built-in command.
* Specifying a filename containing a slash as an argument to the -p option to the hash built-in command.
* Importing function definitions from the shell environment at startup.
* Parsing the value of SHELLOPTS from the shell environment at startup.
* Redirecting output using the ‘>’, ‘>|’, ‘<>’, ‘>&’, ‘&>’, and ‘>>’ redirection operators.
* Using the exec built-in to replace the shell with another command.
* Adding or deleting built-in commands with the -f and -d options to the enable built-in.
* Using the enable built-in command to enable disabled shell built-ins.
* Specifying the -p option to the command built-in.
Turning off restricted mode with ‘set +r’ or ‘set +o restricted’.
Below is simple bash script ...
feel free to copy and use this code.
Source: cat restricted.sh
#!/bin/bash
echo
echo "changing the dir"
cd /usr/local
echo "Current location: $(pwd)"
echo "Back to original dir"
cd
echo "Now, the current location: $(pwd)"
echo
echo "Setting the restricted mode"
set -r
echo
echo "changing the directory"
cd /usr/local
echo "Current location: $(pwd)"
echo
echo "changing the shell varaible"
SHELL="/bin/false"
echo
echo "Now, the value of SHELL is $SHELL"
echo
echo "Redirect the output"
ls -l > list.txt
Output: ./restricted.sh
changing the dir
Current location: /usr/local
Back to original dir
Now, the current location: /home/poison
Setting the restricted mode
changing the directory
./restricted.sh: line 17: cd: restricted
Current location: /home/poison
changing the shell varaible
./restricted.sh: line 22: SHELL: readonly variable
Now, the value of SHELL is /bin/bash
Redirect the output
./restricted.sh: line 28: list.txt: restricted: cannot redirect output
0 comments:
Post a Comment