System Administration Commands                            rsh(1M)


     rsh, restricted_shell - restricted shell command interpreter


     /usr/lib/rsh [-acefhiknprstuvx] [argument]...


     rsh is a limiting version of  the  standard  command  inter-
     preter sh, used to restrict logins to execution environments
     whose capabilities are more controlled than those of sh (see
     sh(1) for complete description and usage).

     When the shell is invoked, it scans the environment for  the
     value  of the environmental variable, SHELL.  If it is found
     and rsh is the file  name  part  of  its  value,  the  shell
     becomes a restricted shell.

     The actions of rsh are identical to those of sh, except that
     the following are disallowed:

         o    changing directory (see cd(1)),

         o    setting the value of $PATH,

         o    pecifying path or command names containing /,

         o    redirecting output (> and >>).

     The restrictions above are enforced after .profile is inter-

     A restricted shell can be invoked in one  of  the  following

         1.   rsh is the file name part of the last entry in  the
              /etc/passwd file (see passwd(4));

         2.   the environment variable SHELL exists  and  rsh  is
              the  file  name  part of its value; the environment
              variable SHELL needs to be set in the .login file;

         3.   the shell is invoked and rsh is the file name  part
              of argument 0;

         4.   the shell is invoke with the -r option.

SunOS 5.11           Last change: 1 Nov 1993                    1

System Administration Commands                            rsh(1M)

     When a command to be executed is found to be  a  shell  pro-
     cedure,  rsh  invokes sh to execute it. Thus, it is possible
     to provide to  the  end-user  shell  procedures   that  have
     access to the full power of the standard shell, while impos-
     ing a limited menu of commands; this scheme assumes that the
     end-user  does not have write and execute permissions in the
     same directory.

     The net effect of these rules is  that  the  writer  of  the
     .profile  (see  profile(4))  has  complete control over user
     actions by performing guaranteed setup actions  and  leaving
     the user in an appropriate directory (probably not the login

     The system administrator often sets up a directory  of  com-
     mands  (that  is, /usr/rbin) that can be safely invoked by a
     restricted shell. Some systems  also  provide  a  restricted
     editor, red.


     Errors detected by the shell, such as syntax  errors,  cause
     the  shell to return a non-zero exit status. If the shell is
     being used non-interactively execution of the shell file  is
     abandoned.  Otherwise,  the shell returns the exit status of
     the last command executed.


     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |


     intro(1),   cd(1),   login(1),   rsh(1),   sh(1),   exec(2),
     passwd(4), profile(4), attributes(5)


     The restricted shell, /usr/lib/rsh, should not  be  confused
     with  the remote shell, /usr/bin/rsh, which is documented in

SunOS 5.11           Last change: 1 Nov 1993                    2

Man(1) output converted with man2html

FhG Schily's Home VED powered