Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
rsh(1M)			System Administration Commands		       rsh(1M)

       rsh, restricted_shell - restricted shell	command	interpreter

       /usr/lib/rsh [-acefhiknprstuvx] [argument...]

       rsh  is a limiting version of the standard command interpreter sh, used
       to restrict logins to execution	environments  whose  capabilities  are
       more  controlled	 than  those of	sh (see	sh(1) for complete description
       and usage).

       When the	shell is invoked, it scans the environment for	the  value  of
       the  environmental  variable, SHELL. If it is found and rsh is the file
       name part of its	value, the shell becomes a restricted shell.

       The actions of rsh are identical	to those of sh,	except that  the  fol-
       lowing are disallowed:

	 o  changing directory (see cd(1)),

	 o  setting the	value of $PATH,

	 o  pecifying path or command names containing /,

	 o  redirecting	output (> and >>).

       The restrictions	above are enforced after .profile is interpreted.

       A restricted shell can be invoked in one	of the following ways:

       1.  rsh is the file name	part of	the last entry in the /etc/passwd file
	   (see	passwd(4));

       2.  the environment variable SHELL exists and rsh is the	file name part
	   of its value; the environment variable SHELL	needs to be set	in the
	   .login file;

       3.  the shell is	invoked	and rsh	is the file name part of argument 0;

       4.  the shell is	invoke with the	-r option.

       When a command to be executed is	found to be a shell procedure, rsh in-
       vokes sh	to execute it. Thus, it	is possible to provide to the end-user
       shell procedures	 that have access to the full power  of	 the  standard
       shell,  while  imposing a limited menu of commands; this	scheme assumes
       that the	end-user does not have write and execute  permissions  in  the
       same directory.

       The  net	 effect	of these rules is that the writer of the .profile (see
       profile(4)) has complete	control	over user actions by performing	 guar-
       anteed  setup  actions and leaving the user in an appropriate directory
       (probably not the login directory).

       The system administrator	often sets up a	directory  of  commands	 (that
       is,  /usr/rbin)	that can be safely invoked by a	restricted shell. Some
       systems also provide a restricted editor, red.

       Errors detected by the shell, such as syntax errors, cause the shell to
       return  a non-zero exit status. If the shell is being used non-interac-
       tively execution	of the shell file is abandoned.	Otherwise,  the	 shell
       returns the exit	status of the last command executed.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |

       intro(1),  cd(1),  login(1),  rsh(1),  sh(1),  exec(2), passwd(4), pro-
       file(4),	attributes(5)

       The restricted shell, /usr/lib/rsh, should not be confused with the re-
       mote shell, /usr/bin/rsh, which is documented in	rsh(1).

SunOS 5.10			  1 Nov	1993			       rsh(1M)


Want to link to this manual page? Use this URL:

home | help