rbash: the restricted version of bash

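It's been a long time since I wrote a blog post! Long time no see! bash --restricted is quite an interesting thing: it can restrict what a user is allowed to do. Take the cd command, for example: it only lets you stay in the directory you logged in to...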

2010-09-26 10:31:52

If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:


  • changing directories with cd

  • setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV

  • specifying command names containing /

  • specifying a file name containing a / as an argument to the . builtin command

  • Specifying a filename containing a slash as an argument to the -p option to the hash builtin command

  • importing function definitions from the shell environment at startup

  • parsing the value of SHELLOPTS from the shell environment at startup

  • redirecting output using the >, >|, <>, >&, &>, and >> redirection operators

  • using the exec builtin command to replace the shell with another command

  • adding or deleting builtin commands with the -f and -d options to the enable builtin command

  • Using the enable builtin command to enable disabled shell builtins

  • specifying the -p option to the command builtin command

  • turning off restricted mode with set +r or set +o restricted.



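When rbash is started, the following operations are prohibited:
switching directories with the cd command;
setting or unsetting the SHELL, PATH, ENV or BASH_ENV environment variables;
running commands by absolute path;
using a file name specified by absolute path as an argument to the . builtin;
using a file name specified by absolute path as an argument to the hash builtin;
importing function definitions from the shell environment at startup;
parsing the value of SHELLOPTS at startup;
redirecting output with redirection operators such as >, >|, <>, >&, &> and >>;
using the exec command to replace the current shell with another command;
enabling or disabling builtin commands with the -f and -d options;
using the -p option with builtin commands;
turning off restricted mode.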



These restrictions are enforced after any startup files are read.

When a command that is found to be a shell script is executed, rbash turns off any restrictions in the shell spawned to execute the script.
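The restrictions listed above, and the shell-script exception in the last sentence, can be verified on a given system before relying on rbash for an account. The following is an added example, not part of the original post or of bash itself; it assumes bash is on PATH and that mktemp returns a directory where files may be executed, and the function names and probe_script are hypothetical.

```shell
#!/bin/sh
# Added example: differential check of bash's restricted mode.
# The probe commands below are constructed for this check.

# refused_only_when_restricted CMD
# Returns 0 when CMD succeeds under plain bash but fails under `bash -r`,
# so the failure is caused by restricted mode and nothing else.
refused_only_when_restricted() (
    dir=$(mktemp -d) || exit 2
    cd "$dir" || exit 2
    plain=0;      bash -c "$1"    >/dev/null 2>&1 || plain=$?
    restricted=0; bash -r -c "$1" >/dev/null 2>&1 || restricted=$?
    cd / && rm -rf "$dir"
    [ "$plain" -eq 0 ] && [ "$restricted" -ne 0 ]
)

# script_runs_unrestricted
# Returns 0 when a script without a #! line, found through PATH, can
# still use cd although it was started from `bash -r`. This is why
# every script reachable from a restricted user's PATH must be vetted.
script_runs_unrestricted() (
    dir=$(mktemp -d) || exit 2
    printf 'cd / && pwd\n' > "$dir/probe_script"   # hypothetical name
    chmod +x "$dir/probe_script"
    out=$(PATH="$dir:$PATH" bash -r -c 'probe_script' 2>/dev/null) || out=
    rm -rf "$dir"
    [ "$out" = "/" ]
)

# Report one line per probe.
for probe in 'cd /' 'PATH=/usr/bin' '/bin/sh -c :' ': > probe.out' \
             'exec true' 'command -p true' 'set +r'; do
    if refused_only_when_restricted "$probe"; then
        verdict='refused'
    else
        verdict='NOT refused'
    fi
    printf '%-18s %s\n' "$probe" "$verdict"
done
if script_runs_unrestricted; then
    echo 'script on PATH: ran with restrictions off'
fi
```

A probe reported as NOT refused, or a temporary directory mounted noexec, means the result for that line needs to be checked by hand.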

We who wander this wasteland..... where should we go to seek a better version of ourselves?