How to Configure Restricted Shell to a Solaris User
/usr/lib/rsh – Restricted Bourne Shell, not a Remote Shell
What is the purpose of rksh?
- changing directory (cd command)
- setting the value of SHELL, PATH or ENV (for rksh)
- specifying path or command names containing /
- redirecting output (>, >|, <>, and >>)
- changing group (see newgrp(1) manpage).
- The user is limited to the home directory (user can’t use cd to change directories). If a user tries to change directory out of their home directory, they will receive:
rksh: cd: restricted
- The user can use only the commands in the PATH set by the system administrator (user can’t change the PATH variable). If they try to run a command by specifying the full path, they will receive the following error:
rksh: /bin/command: restricted
- This restriction is based on checking for a slash (/) in the path of the command to be executed. Thus, attempts to run /usr/bin/grep or ./bin/grep will fail. This restriction, however, will not prevent specifying paths containing a slash (/) as a parameter to a command.
- For example, if the vi or cat commands are included in the PATH, the user could view the contents of /etc/system (or any other file which they know the full path to) using those commands. vi /etc/system or cat /etc/system will display the contents of that file.
- Restricted Shell does not restrict parameters passed to commands (so the slashes in /etc/system will be passed along without restriction). If the above setup is not restrictive enough, then a chrooted environment would have to be created. Chroot setup is beyond the scope of this document.
- The user can’t redirect output with > or >>.
- can only access their home directory (they will still be able to list files in other directories, if ls is provided)
- can only run commands in the /rksh directory.
How to Set Up RKSH for a User?
if [ "$0" = "rksh" ]
then
    PATH=/rksh
    export PATH
fi

# mkdir /rksh
# cd /rksh
# ln -s /usr/bin/ls ls
# ls -l
lrwxrwxrwx 1 root other 13 Nov 15 11:46 ls -> /usr/bin/ls
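Because rksh does not restrict command parameters, the contents of the /rksh directory decide how tight the restriction really is. The following POSIX sh function is an added example, not part of the original article, that audits such a directory. The function name audit_rksh_dir, the list entries other than vi and cat, and the writable-directory check are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the directory used as PATH for a restricted shell user.
# vi and cat are the commands the article names; every other entry in these
# two lists is an assumption (commands that read arbitrary files or are shells).
FILE_READERS="vi cat view more less ed head tail"
SHELLS="sh ksh bash csh tcsh zsh"

# Prints one verdict line per entry; returns 0 only when nothing is flagged.
audit_rksh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR $dir is not a directory"; return 2; }
    findings=0
    # Assumed extra check: a group- or world-writable command directory would
    # let someone other than the administrator add commands to the PATH.
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        d????w????|d???????w?)
            echo "WRITABLE-DIR $dir ($perms)"; findings=$((findings + 1)) ;;
    esac
    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -h "$entry" ] || continue   # empty directory
        name=$(basename "$entry")
        # Resolve the link the way the article's "ls -l" output shows it.
        target=$(ls -l "$entry" | sed -n 's/.* -> //p')
        [ -n "$target" ] || target=$entry                # regular file, not a link
        base=$(basename "$target")
        verdict=OK
        [ -e "$entry" ] || verdict=BROKEN                # dangling symlink
        case " $FILE_READERS " in *" $base "*) verdict=READS-ANY-FILE ;; esac
        case " $SHELLS " in *" $base "*) verdict=SHELL ;; esac
        [ "$verdict" = OK ] || findings=$((findings + 1))
        echo "$verdict $name -> $target"
    done
    [ "$findings" -eq 0 ]
}
```

After sourcing the file, run audit_rksh_dir /rksh as root; a non-zero exit status means at least one entry was flagged.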