What is /bin/rbash?

I was learning about Common shell programs.

When I run cat /etc/shells, it shows:

# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash

What is /bin/rbash here? Is it used in scripting?


Solution 1:

rbash is a restricted (reduced capabillities) version of bash. See this article: https://en.wikipedia.org/wiki/Restricted_shell

From the article:

The following operations are not permitted in a restricted shell:

changing directory
specifying absolute pathnames or names containing a slash
setting the PATH or SHELL variable
redirection of output

bash adds further restrictions, including:

limitations on function definitions
limitations on the use of slash-ed filenames in bash builtins

Restrictions in the restricted Korn shell are much the same as those in the restricted Bourne shell.

Solution 2:

From wikipedia

The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode operation is found in the original Bourne shell[1] and its later counterpart bash,[2] and in the Korn shell.[3] In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

See Soren A's answer for the limitations that apply to restricted shells.

You can run bash in restricted mode

bash -r
bash --restricted

On my system:

$ file /bin/rbash
/bin/rbash: symbolic link to bash

So if I run /bin/rbash, I am running bash

BUT

It suffices to create a link named rbash pointing directly to bash. Though this invokes bash directly, without the -r or --restricted options, bash does recognize that it was invoked through rbash and it does come up as a restricted shell.

As you can easily test:

zanna@monster:~$ rbash
zanna@monster:~$ cd playground
rbash: cd: restricted