rsh(1M)
NAME
rsh, restricted_shell - restricted shell command interpreter
SYNOPSIS
/usr/lib/rsh [-acefhiknprstuvx] [argument...]
DESCRIPTION
rsh is a limiting version of the standard command inter-
preter sh, used to restrict logins to execution environments
whose capabilities are more controlled than those of sh (see
sh(1) for complete description and usage).
When the shell is invoked, it scans the environment for the
value of the environmental variable, SHELL. If it is found
and rsh is the file name part of its value, the shell
becomes a restricted shell.
The actions of rsh are identical to those of sh, except that
the following are disallowed:
o changing directory (see cd(1)),
o setting the value of $PATH,
o pecifying path or command names containing /,
o redirecting output (> and >>).
The restrictions above are enforced after .profile is inter-
preted.
A restricted shell can be invoked in one of the following
ways:
1. rsh is the file name part of the last entry in the
/etc/passwd file (see passwd(4));
2. the environment variable SHELL exists and rsh is the file
name part of its value; the environment variable SHELL
needs to be set in the .login file;
3. the shell is invoked and rsh is the file name part of
argument 0;
4. the shell is invoke with the -r option.When a command to
be executed is found to be a shell procedure, rsh invokes
sh to execute it. Thus, it is possible to provide to the
end-user shell procedures that have access to the full
power of the standard shell, while imposing a limited
menu of commands; this scheme assumes that the end-user
does not have write and execute permissions in the same
directory.
The net effect of these rules is that the writer of the
.profile (see profile(4)) has complete control over user
actions by performing guaranteed setup actions and leaving
the user in an appropriate directory (probably not the login
directory).
The system administrator often sets up a directory of com-
mands (that is, /usr/rbin) that can be safely invoked by a
restricted shell. Some systems also provide a restricted
editor, red.
EXIT STATUS
Errors detected by the shell, such as syntax errors, cause
the shell to return a non-zero exit status. If the shell is
being used non-interactively execution of the shell file is
abandoned. Otherwise, the shell returns the exit status of
the last command executed.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
SEE ALSO
intro(1), cd(1), login(1), rsh(1), sh(1), exec(2),
passwd(4), profile(4), attributes(5)
NOTES
The restricted shell, /usr/lib/rsh, should not be confused
with the remote shell, /usr/bin/rsh, which is documented in
rsh(1).
Man(1) output converted with
man2html