The Restricted Shell (rsh)

Some versions of UNIX include a special shell, the restricted shell, that provides restricted capabilities. Although the restricted shell provides only a limited degree of security, it can prevent users who should only have access to specific programs from damaging the system. For instance, a bank clerk should only have access to programs used for particular banking functions, a text processor should only have access to certain text processing programs, and an order entry clerk should only have access to programs for entering orders.

System administrators can prevent these users from using other programs by assigning the restricted shell, rsh, as their start-up program. This is done by placing /bin/rsh as the entry in the last field of this user’s entry in the system’s /etc/passwd file. The restricted shell can also be invoked by providing the sh command with the –r option. (Note that the restricted shell rsh is different from the command rsh, which is the remote shell command that is included with the Internet Utilities package discussed in Chapter 9.)