source: trunk/essentials/app-shells/bash/RBASH@ 3924

6.10 The Restricted Shell
=========================

If Bash is started with the name `rbash', or the `--restricted' or `-r'
option is supplied at invocation, the shell becomes restricted.  A
restricted shell is used to set up an environment more controlled than
the standard shell.  A restricted shell behaves identically to `bash'
with the exception that the following are disallowed or not performed:

   * Changing directories with the `cd' builtin.

   * Setting or unsetting the values of the `SHELL', `PATH', `ENV', or
     `BASH_ENV' variables.

   * Specifying command names containing slashes.

   * Specifying a filename containing a slash as an argument to the `.'
     builtin command.

   * Specifying a filename containing a slash as an argument to the `-p'
     option to the `hash' builtin command.

   * Importing function definitions from the shell environment at
     startup.

   * Parsing the value of `SHELLOPTS' from the shell environment at
     startup.

   * Redirecting output using the `>', `>|', `<>', `>&', `&>', and `>>'
     redirection operators.

   * Using the `exec' builtin to replace the shell with another command.

   * Adding or deleting builtin commands with the `-f' and `-d' options
     to the `enable' builtin.

   * Using the `enable' builtin command to enable disabled shell
     builtins.

   * Specifying the `-p' option to the `command' builtin.

   * Turning off restricted mode with `set +r' or `set +o restricted'.

These restrictions are enforced after any startup files are read.

When a command that is found to be a shell script is executed (*note
Shell Scripts::), `rbash' turns off any restrictions in the shell
spawned to execute the script.