Restricted Shells
Restricted shells are restricted versions of the common UNIX Bourne shell or Korn shell. In the Bourne shell, the restricted shell is run as rsh (/usr/lib/rsh), while in the Korn Shell it is run as rksh (/usr/bin/rksh). The restricted versions of these shells allow users to log in with restricted access. They cannot:
• Use the cd command to change directories.
• Specify a path or command using /.
• Use redirection (>, >>).
• Set the value of PATH.
Note: A user’s path should not include /usr/bin. This lets the user run another shell, thereby inheriting access to any commands that the child shell allows. The default shell for a user is located in the /etc/passwd file.