Restricted Shells

From The System Administrator Zone

A restricted shell is a Unix shell that has been modified so that its user can do fewer things than in a normal shell. For example, it may restrict the user to running only certain programs. It may also stop the user from changing directories.

Reference Links

Bash Restricted Shell

If bash is started with the name rbash, or the --restricted or -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell.

Iron Bars Shell

Many system administrators wish or have wished for a way to lock some or all users into a safe dungeon, where they can only do harm to their own files. Even more important is the protection against users reading sensitive files, for example the /etc/passwd file, which is accessible to any person with an unrestricted shell.

rssh homepage

rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.

svnsh homepage

SVNSH is a minishell whose sole job in life is to securely chroot to a protected directory and run the svnserve command.

Security Risks

On poorly implemented restricted shells, the shell user can break out of the restricted environment by running a program that features a shell escape function. A good example of a shell escape function is the one provided by the program vi.

The restricted shell user could start vi and then use this command:

    :set shell=/bin/sh

then shell using this command:


Users are creative. You need to anticipate their "creative" use of any tools you provide to them.
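
One way to check for the vi problem described above is to audit the command directory a restricted account is given. The script below is an added example, not part of the original page. It assumes the account's PATH points at a single directory of approved commands and that readlink -f is available; the function names, finding labels and sample files are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit the directory that a
# restricted shell's PATH points at. Directory layout and names are assumptions.
# Usage: audit_rbin DIR "space separated allowlist of command names"
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_rbin() {
    dir=$1 allowed=$2 findings=0
    # A group- or world-writable command directory lets users add programs.
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "WRITABLE-DIR $dir"; findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue      # empty directory
        name=${f##*/}
        case " $allowed " in
            *" $name "*) ;;
            *) echo "NOT-ALLOWLISTED $name"; findings=$((findings + 1)); continue ;;
        esac
        # Follow symlinks: an approved name may still point at vi, the
        # shell-escape example the page gives (vim, view, ex are the same editor).
        target=$(readlink -f "$f" 2>/dev/null) || target=$f
        case ${target##*/} in
            vi|vim|vim.*|view|ex)
                echo "SHELL-ESCAPE $name -> ${target##*/}"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: scp is approved, "edit" is an approved name that is really
# vi, and ls was never approved.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/rbin" "$d/real" && chmod 755 "$d/rbin"
    for n in scp ls vi; do
        printf '#!/bin/sh\n' >"$d/real/$n"; chmod 755 "$d/real/$n"
    done
    ln -s "$d/real/scp" "$d/rbin/scp"
    ln -s "$d/real/vi" "$d/rbin/edit"
    ln -s "$d/real/ls" "$d/rbin/ls"
    audit_rbin "$d/rbin" "scp edit"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || :
```

The audit works from an allowlist, so anything not explicitly approved is reported even if it has no known shell escape.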