Restricted bash shell can be invoked using below command:
# bash -r
The ‘/bin/rbash‘ represents the restricted bash shell and can be created by creating as a soft link to ‘/bin/bash’ as shown below:
# ln -s /bin/bash /bin/rbash
Once soft link for /bin/rbash is created, one can launch restricted bash shell using below command:
# rbash
If bash is started with the name ‘rbash’ or the ‘-r’ option is supplied at invocation, the shell becomes restricted. Below is the output from man page of bash command:
A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:
1. Changing directories with cd.
2. Setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
3. Specifying command names containing /
4. Specifying a file name containing a / as an argument to the . builtin command
5. Specifying a filename containing a slash as an argument to the -p option to the hash builtin command
6. Importing function definitions from the shell environment at startup
7. Parsing the value of SHELLOPTS from the shell environment at startup
8. Redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
9. Using the exec builtin command to replace the shell with another command
10. Adding or deleting builtin commands with the -f and -d options to the enable builtin command
11. Using the enable builtin command to enable disabled shell builtins
12. Specifying the -p option to the command builtin command
13. Turning off restricted mode with set +r or set +o restricted.
These restrictions are enforced after any startup files are read. When a command that is found to be a shell script is executed (see COMMAND EXECUTION above), rbash turns off any restrictions in the shell spawned to execute the script.