Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: restricted shell

X-seq: zsh-users 4411
From: Mads Martin Joergensen <mmj@xxxxxxx>
To: Emre Yildirim <emre@xxxxxxxxxxxxx>
Subject: Re: restricted shell
Date: Sun, 21 Oct 2001 20:16:25 +0200
Cc: zsh-users@xxxxxxxxxx
In-reply-to: <3BD30F75.7060904@xxxxxxxxxxxxx>
Mailing-list: contact zsh-users-help@xxxxxxxxxx; run by ezmlm
References: <3BD30F75.7060904@xxxxxxxxxxxxx>

* Emre Yildirim <emre@xxxxxxxxxxxxx> [Oct 21. 2001 20:12]:
> 
> Is there anything in zsh that makes it restricted?  I.e. when I cp bash 
> rbash, and execute rbash
> it is a restricted shell.  Is there anything similar to that in zsh?  If 
> not, does anyone have tips on
> how to make zsh really really restricted?
> 
> Thanks for any help

_From the zsh man page:

RESTRICTED SHELL
       When the basename of the command used to invoke zsh starts
       with the letter `r' or the `-r'  command  line  option  is
       supplied  at  invocation,  the  shell  becomes restricted.
       Emulation mode is determined after  stripping  the  letter
       `r'  from the invocation name.  The following are disabled
       in restricted mode:

       ·      changing directories with the cd builtin

       ·      changing or unsetting the PATH, path,  MODULE_PATH,
              module_path,  SHELL, HISTFILE, HISTSIZE, GID, EGID,
              UID,     EUID,      USERNAME,      LD_LIBRARY_PATH,
              LD_AOUT_LIBRARY_PATH,         LD_PRELOAD        and
              LD_AOUT_PRELOAD parameters

       ·      specifying command names containing /

       ·      specifying command pathnames using hash

       ·      redirecting output to files

       ·      using the exec builtin command to replace the shell
              with another command

       ·      using jobs -Z to overwrite the shell process' argu
              ment and environment space

       ·      using the ARGV0 parameter to override  argv[0]  for
              external commands

       ·      turning off restricted mode with set +r or unsetopt
              RESTRICTED

       These  restrictions  are  enforced  after  processing  the
       startup  files.   The  startup files should set up PATH to
       point to a directory  of  commands  which  can  be  safely
       invoked  in the restricted environment.  They may also add
       further restrictions by disabling selected builtins.

       Restricted mode can also be activated any time by  setting
       the  RESTRICTED  option.  This immediately enables all the
       restrictions described above even if the shell  still  has
       not processed all startup files.

-- 
Mads Martin Joergensen, http://mmj.dk
"Why make things difficult, when it is possible to make them cryptic
 and totally illogic, with just a little bit more effort."
                                -- A. P. J.

Follow-Ups:
- Re: restricted shell
  - From: Emre Yildirim

References:
- restricted shell
  - From: Emre Yildirim

Messages sorted by: Reverse Date, Date, Thread, Author