bash: The Restricted Shell

1 
1 6.10 The Restricted Shell
1 =========================
1 
1 If Bash is started with the name 'rbash', or the '--restricted' or '-r'
1 option is supplied at invocation, the shell becomes restricted.  A
1 restricted shell is used to set up an environment more controlled than
1 the standard shell.  A restricted shell behaves identically to 'bash'
1 with the exception that the following are disallowed or not performed:
1 
1    * Changing directories with the 'cd' builtin.
1    * Setting or unsetting the values of the 'SHELL', 'PATH', 'ENV', or
1      'BASH_ENV' variables.
1    * Specifying command names containing slashes.
1    * Specifying a filename containing a slash as an argument to the '.'
1      builtin command.
1    * Specifying a filename containing a slash as an argument to the '-p'
1      option to the 'hash' builtin command.
1    * Importing function definitions from the shell environment at
1      startup.
1    * Parsing the value of 'SHELLOPTS' from the shell environment at
1      startup.
1    * Redirecting output using the '>', '>|', '<>', '>&', '&>', and '>>'
1      redirection operators.
1    * Using the 'exec' builtin to replace the shell with another command.
1    * Adding or deleting builtin commands with the '-f' and '-d' options
1      to the 'enable' builtin.
1    * Using the 'enable' builtin command to enable disabled shell
1      builtins.
1    * Specifying the '-p' option to the 'command' builtin.
1    * Turning off restricted mode with 'set +r' or 'set +o restricted'.
1 
1    These restrictions are enforced after any startup files are read.
1 
11    When a command that is found to be a shell script is executed (⇒
 Shell Scripts), 'rbash' turns off any restrictions in the shell
1 spawned to execute the script.
1