6.10 The Restricted Shell
If Bash is started with the name 'rbash', or the '--restricted' or '-r'
option is supplied at invocation, the shell becomes restricted. A
restricted shell is used to set up an environment more controlled than
the standard shell. A restricted shell behaves identically to 'bash'
with the exception that the following are disallowed or not performed:
* Changing directories with the 'cd' builtin.
* Setting or unsetting the values of the 'SHELL', 'PATH', 'ENV', or
* Specifying command names containing slashes.
* Specifying a filename containing a slash as an argument to the '.'
* Specifying a filename containing a slash as an argument to the '-p'
option to the 'hash' builtin command.
* Importing function definitions from the shell environment at
* Parsing the value of 'SHELLOPTS' from the shell environment at
* Redirecting output using the '>', '>|', '<>', '>&', '&>', and '>>'
* Using the 'exec' builtin to replace the shell with another command.
* Adding or deleting builtin commands with the '-f' and '-d' options
to the 'enable' builtin.
* Using the 'enable' builtin command to enable disabled shell
* Specifying the '-p' option to the 'command' builtin.
* Turning off restricted mode with 'set +r' or 'set +o restricted'.
These restrictions are enforced after any startup files are read.
When a command that is found to be a shell script is executed (*note
Shell Scripts::), 'rbash' turns off any restrictions in the shell
spawned to execute the script.