rsh(1M)

NAME

     rsh, restricted_shell - restricted shell command interpreter

SYNOPSIS

     /usr/lib/rsh [-acefhiknprstuvx] [argument...]

DESCRIPTION

     rsh is a limiting version of  the  standard  command  inter-
     preter sh, used to restrict logins to execution environments
     whose capabilities are more controlled than those of sh (see
     sh(1) for complete description and usage).

     When the shell is invoked, it scans the environment for  the
     value  of  the environmental variable, SHELL. If it is found
     and rsh is the file  name  part  of  its  value,  the  shell
     becomes a restricted shell.

     The actions of rsh are identical to those of sh, except that
     the following are disallowed:

        o  changing directory (see cd(1)),

        o  setting the value of $PATH,

        o  pecifying path or command names containing /,

        o  redirecting output (> and >>).

     The restrictions above are enforced after .profile is inter-
     preted.

     A restricted shell can be invoked in one  of  the  following
     ways:

     1. rsh is the file name  part  of  the  last  entry  in  the
        /etc/passwd file (see passwd(4));

     2. the environment variable SHELL exists and rsh is the file
        name  part  of  its value; the environment variable SHELL
        needs to be set in the .login file;

     3. the shell is invoked and rsh is the  file  name  part  of
        argument 0;

     4. the shell is invoke with the -r option.When a command  to
        be executed is found to be a shell procedure, rsh invokes
        sh to execute it. Thus, it is possible to provide to  the
        end-user  shell  procedures  that have access to the full
        power of the standard shell,  while  imposing  a  limited
        menu  of  commands; this scheme assumes that the end-user
        does not have write and execute permissions in  the  same
        directory.

     The net effect of these rules is  that  the  writer  of  the
     .profile  (see  profile(4))  has  complete control over user
     actions by performing guaranteed setup actions  and  leaving
     the user in an appropriate directory (probably not the login
     directory).

     The system administrator often sets up a directory  of  com-
     mands  (that  is, /usr/rbin) that can be safely invoked by a
     restricted shell. Some systems  also  provide  a  restricted
     editor, red.

EXIT STATUS

     Errors detected by the shell, such as syntax  errors,  cause
     the  shell to return a non-zero exit status. If the shell is
     being used non-interactively execution of the shell file  is
     abandoned.  Otherwise,  the shell returns the exit status of
     the last command executed.

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|

SEE ALSO

     intro(1),  cd(1),   login(1),   rsh(1),   sh(1),    exec(2),
     passwd(4), profile(4), attributes(5)

NOTES

     The restricted shell, /usr/lib/rsh, should not  be  confused
     with  the remote shell, /usr/bin/rsh, which is documented in
     rsh(1).
Man(1) output converted with man2html