rbash – A Restricted Bash Shell Explained with Practical Examples

The Linux shell is one of the most fascinating and powerful tools on a GNU/Linux system. All applications, including X, are built over the shell, and the shell is so powerful that the whole Linux system can be controlled precisely with it. The other side of this power is that the shell can be harmful when a user executes a system command unknowingly or without understanding its consequences. For this purpose we are introducing the restricted shell. We will discuss the restricted shell in detail, the restrictions it implements, and a lot more.

What is rbash?

The restricted shell is a Linux shell that restricts some of the features of the bash shell, as the name makes clear. The restrictions apply to commands as well as to scripts run in the restricted shell. It provides an additional layer of security on top of the bash shell in Linux.

Restrictions Implemented in rbash

  1. cd command (Change Directory)
  2. PATH (setting/unsetting)
  3. ENV aka BASH_ENV (Environment setting/unsetting)
  4. Importing functions
  5. Specifying file name containing argument ‘/’
  6. Specifying file name containing argument ‘-’
  7. Redirecting output using ‘>‘, ‘>>‘, ‘>|‘, ‘<>‘, ‘>&‘, ‘&>‘
  8. Turning off restrictions using ‘set +r‘ or ‘set +o‘

Note: The restrictions of rbash are enforced after any startup files are read.

Enabling Restricted Shell

In some GNU/Linux distributions, viz. Red Hat/CentOS, rbash may not be available directly and a symbolic link needs to be created.

# cd /bin

# ln -s bash rbash

In most of today’s standard GNU/Linux distributions, rbash is available by default. If not, you can download the source tarball and install it from source on your system.

Starting rbash

To start the rbash restricted shell in Linux, execute one of the following commands.

# bash -r

OR

# rbash

Note: If rbash is started successfully, it returns 0.

Testing a Few Restrictions

Here, we execute a few commands in the rbash shell to check the restrictions.

# cd

rbash: cd: restricted

# pwd > a.txt

bash: a.txt: restricted: cannot redirect output

Pros of Restricted Shell

  1. Restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

Cons of Restricted Shell

  1. Insufficient to allow execution of entirely untrusted software.
  2. When a command that is found to be a shell script is executed, rbash turns off any restrictions in the shell spawned to execute the script.
  3. When users run bash or dash from rbash, they get unrestricted shells.
  4. rbash should only be used within a chroot unless you know what you are doing.
  5. There are many ways to break out of a restricted bash shell that are not easy to predict in advance.
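
Cons 2 and 3 mean the restrictions hold only as long as nothing reachable through PATH hands them back. The script below is an added example, not part of the original article: it builds a throwaway allow-list directory, probes `bash -r` against it, and flags shells or scripts placed in it. The allow-list (ls, date), the function names and the shell-name list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The allow-list (ls, date)
# and all paths are constructed for illustration.

# Build a directory holding symlinks to only the permitted commands.
make_restricted_bin() (
    dir=$(mktemp -d) || exit 1
    for cmd in ls date; do
        ln -s "$(command -v "$cmd")" "$dir/$cmd" || exit 1
    done
    printf '%s\n' "$dir"
)

# Run one command line under "bash -r" with PATH limited to $1 and a clean
# environment; print "allowed" or "blocked" according to the exit status.
try_in_rbash() (
    bash_bin=$(command -v bash) || exit 1
    if env -i PATH="$1" "$bash_bin" -r -c "$2" >/dev/null 2>&1; then
        echo allowed
    else
        echo blocked
    fi
)

# List entries in the allow-list directory that undo the restrictions:
# shells themselves, and "#!" scripts (which run in an unrestricted shell).
find_risky_entries() (
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$(readlink -f "$entry")")
        case $name in
            sh|bash|dash|ksh|zsh) echo "${entry##*/}: shell"; continue ;;
        esac
        if [ "$(head -c 2 "$entry" 2>/dev/null)" = '#!' ]; then
            echo "${entry##*/}: script"
        fi
    done
)

# Demo: probe a fresh sandbox, audit it, then clean up.
bin=$(make_restricted_bin)
for probe in 'ls' 'cd /' 'pwd > a.txt' '/bin/ls' 'PATH=/bin' 'bash'; do
    printf '%-14s %s\n' "$probe" "$(try_in_rbash "$bin" "$probe")"
done
find_risky_entries "$bin"
rm -rf "$bin"
```

On a real account the same directory would be the only entry in a PATH set from a startup file the user cannot modify, and the audit would be rerun whenever a command is added to it.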

Conclusion

rbash is a fantastic tool for working within a restricted environment, and it works brilliantly. You must give it a try; you won’t be disappointed.

That’s all for now. I’ll soon be here again with another interesting and knowledgeable topic you people would love to read. Don’t forget to provide us with your valuable feedback in our comment section.

I am a major in computer science, love to research nix. I love to write codes and scripts, review distros, experiment Foss Technologies, write technical articles, Hack, of course Ethically. I am working as System Administrator (nix) for a NGO.

4 Responses

  1. ashish says:

    nice post

  2. Max says:

    After reading this article I’m still trying to get something useful from it, besides the description of rbash.
    There are no examples of configuration, also there are no examples of modification of its base configuration.
    No real case of use for this shell in a production environment, as CentOS and RHEL are mentioned.
    - Can it be used as a default shell for a user? because the user wouldn’t run it if they have the chance.

    Thanks for the article, but it just looks incomplete and not entirely true to the title.

    • Javier says:

      Hi Max, yes, you can run it as the default shell of the user: edit the /etc/passwd file and change the user’s /bin/bash to /bin/rbash.

This work is licensed under a (cc) BY-NC.
© 2012-2014 All Rights Reserved.