$ rksh
$ cd ..
rksh: cd: restricted
$ cd /
rksh: cd: restricted
$ /usr/sbin/ifconfig
rksh: /usr/sbin/ifconfig: restricted
$

rksh is used to set up login names and execution environ-
ments whose capabilities are more controlled than those of
the standard shell. The actions of rksh are identical to
those of ksh, except that the following are disallowed:

o changing directory (see cd(1))

o setting the value of SHELL, ENV, or PATH

o specifying path or command names containing /

o redirecting output (>, >|, <>, and >>)

o changing group (see newgrp(1)).

The restrictions above are enforced after .profile and the
ENV files are interpreted.

When a command to be executed is found to be a shell pro-
cedure, rksh invokes ksh to execute it. Thus, it is possi-
ble to provide to the end-user shell procedures that have
access to the full power of the standard shell, while impos-
ing a limited menu of commands; this scheme assumes that the
end-user does not have write and execute permissions in the
same directory.
The net effect of these rules is that the writer of the
.profile has complete control over user actions, by perform-
ing guaranteed setup actions and leaving the user in an
appropriate directory (probably not the login directory).

The system administrator often sets up a directory of com-
mands (that is, /usr/rbin) that can be safely invoked by
rksh.