A restricted shell is a Unix shell that has been modified so that the user can do fewer things than in a normal shell. For example, it may restrict the user to running only certain programs. It may also stop the user from changing directories.
If bash is started with the name rbash, or the --restricted or -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell.
Many system administrators wish or have wished for a way to lock some or all users into a safe dungeon, where they can only do harm to their own files. Even more important is the protection against users reading sensitive files, for example the /etc/passwd file, which is accessible to any person with an unrestricted shell.
rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server from which you only want to allow users to copy files via scp, without providing shell access, you can use rssh to do that.
SVNSH is a minishell whose sole job in life is to securely chroot to a protected directory and run the svnserve command.
On poorly implemented restricted shells, the shell user can break out of the restricted environment by running a program that features a shell escape function. A good example of a shell escape function is the one provided by the program vi.
The restricted shell user could start vi and then use this command:
and then start a shell using this command:
Users are creative. You need to anticipate their "creative" use of any tools you provide to them.
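A defender-side check for the setup described above, as an added example that is not part of the original page: it confirms that bash in restricted mode refuses a few baseline actions, and it flags entries in a restricted user's command directory that are, or link to, a program with a shell escape. The function names and the list of program names are assumptions made for this example; the page itself names only vi.

```bash
#!/usr/bin/env bash
# Added example: defender-side checks for a restricted-shell setup.

# Programs treated here as offering a shell escape. Constructed list,
# not exhaustive; the page itself names only vi.
ESCAPE_CAPABLE="vi vim view ex ed less more man"

# rbash_blocks CMD -> exit 0 if restricted bash refuses to run CMD.
rbash_blocks() {
    ! bash --restricted -c "$1" >/dev/null 2>&1
}

# audit_bin_dir DIR -> print each entry in DIR that is, or links to, a
# program on the list; exit 1 if any were found, 0 if the directory is clean.
audit_bin_dir() {
    local dir=$1 found=0 entry target name
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue
        # Resolve symlinks so a renamed link to vi is still caught.
        target=$(basename "$(readlink -f "$entry")")
        for name in $ESCAPE_CAPABLE; do
            if [ "$target" = "$name" ]; then
                printf '%s\n' "$entry"
                found=1
            fi
        done
    done
    return "$found"
}

# Report which baseline restrictions this bash actually enforces.
for probe in 'cd /' 'PATH=/bin' '/bin/true' 'echo x > /dev/null' 'exec true'; do
    if rbash_blocks "$probe"; then
        echo "blocked:     $probe"
    else
        echo "NOT blocked: $probe"
    fi
done

# Audit the command directory given as the first argument, if any.
if [ -n "${1:-}" ]; then
    audit_bin_dir "$1" || echo "review the entries listed above"
fi
```

A name match only catches the programs on the list, so a clean result does not show that the remaining tools are free of shell escapes.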