Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

restricted_shell(1m) [sunos man page]

rsh(1M) 						  System Administration Commands						   rsh(1M)

NAME

       rsh, restricted_shell - restricted shell command interpreter

SYNOPSIS

       /usr/lib/rsh [-acefhiknprstuvx] [argument...]

DESCRIPTION

       rsh  is a limiting version of the standard command interpreter sh, used to restrict logins to execution environments whose capabilities are
       more controlled than those of sh (see sh(1) for complete description and usage).

       When the shell is invoked, it scans the environment for the value of the environmental variable, SHELL. If it is found and rsh is the  file
       name part of its value, the shell becomes a restricted shell.

       The actions of rsh are identical to those of sh, except that the following are disallowed:

	 o  changing directory (see cd(1)),

	 o  setting the value of $PATH,

	 o  pecifying path or command names containing /,

	 o  redirecting output (> and >>).

       The restrictions above are enforced after .profile is interpreted.

       A restricted shell can be invoked in one of the following ways:

       1.  rsh is the file name part of the last entry in the /etc/passwd file (see passwd(4));

       2.  the environment variable SHELL exists and rsh is the file name part of its value; the environment variable SHELL needs to be set in the
	   .login file;

       3.  the shell is invoked and rsh is the file name part of argument 0;

       4.  the shell is invoke with the -r option.

       When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it. Thus, it is possible to provide to  the  end-
       user  shell  procedures	 that  have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme
       assumes that the end-user does not have write and execute permissions in the same directory.

       The net effect of these rules is that the writer of the .profile (see profile(4)) has complete control  over  user  actions  by	performing
       guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory).

       The  system administrator often sets up a directory of commands (that is, /usr/rbin) that can be safely invoked by a restricted shell. Some
       systems also provide a restricted editor, red.

EXIT STATUS

       Errors detected by the shell, such as syntax errors, cause the shell to return a non-zero exit status. If the  shell  is  being	used  non-
       interactively execution of the shell file is abandoned. Otherwise, the shell returns the exit status of the last command executed.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       intro(1), cd(1), login(1), rsh(1), sh(1),  exec(2), passwd(4), profile(4), attributes(5)

NOTES

       The restricted shell, /usr/lib/rsh, should not be confused with the remote shell, /usr/bin/rsh, which is documented in rsh(1).

SunOS 5.10							    1 Nov 1993								   rsh(1M)

Check Out this Related Man Page

rsh(1)							      General Commands Manual							    rsh(1)

NAME

       rsh - Executes the specified command at the remote host or logs into a remote host

SYNOPSIS

       rsh [-dn] [-l user] remote_host [command] [argument...]

       The remote shell command (rsh) executes command at the remote_host, or, if no command is specified, logs into remote_host.

OPTIONS

       Turns  on  socket  debugging (using setsockopt()) on the TCP sockets used for communication with the remote host.  Specifies that rsh is to
       log into the remote host as user instead of the local username.	If this option is not specified, the local and remote  usernames  are  the
       same.   Specifies  that	rsh is to ignore input from STDIN.  Use this option if you put rsh in the background without redirecting its input
       away from the terminal. If you do not use this option in this situation, rsh blocks even if no reads are posted by the remote command.

DESCRIPTION

       The rsh command sends standard input from the local host to the remote command and receives standard output and	standard  error  from  the
       remote command.	If you do not specify a command, rsh executes rlogin instead.

       If  you do not specify the -l option, the local username is used at the remote host.  If -l user is entered, the specified username is used
       at the remote host.  In either case, the remote host allows access only if at least one of the following conditions is satisfied: The local
       user  ID  is  not superuser, and the name of the local host is listed as an equivalent host in the remote /etc/hosts.equiv file.  If either
       the local user ID is superuser or the check of /etc/hosts.equiv fails, the remote user's home directory must contain a  $HOME/.rhosts  file
       that lists the local host and username.

       For  security  reasons, any $HOME/.rhosts file must be owned by either the remote user or the root user, and should have permissions set to
       600 (read and write by owner only).

       In addition to the preceding conditions, rsh also allows access to the remote host if the remote user account  does  not  have  a  password
       defined.  However, for security reasons, use of a password on all user accounts is recommended.

       While  the  remote  command  is	executing,  pressing the Interrupt, Terminate, or Quit key sequences sends the corresponding signal to the
       remote process.	However, pressing the Stop key sequence stops only the local process. Normally, when the remote  command  terminates,  the
       local rsh process terminates.

       To  have  shell metacharacters interpreted on the remote host, place the metacharacters inside  (double quotes). Otherwise, the metacharac-
       ters are interpreted by the local shell.

RESTRICTIONS

       The rsh command is confused by output generated by commands in a file on the remote host.  In particular, the messages, where are you?  and
       stty: Can't assign requested address can result if output is generated by the startup file.

EXAMPLES

       In  the	following  examples, the local host host1 is listed in the /etc/hosts.equiv file at the remote host host2.  To check the amount of
       free disk space on the remote host host2, enter: $ rsh host2 df To append a remote file to another file on the remote host,  place  the	>>
       metacharacters  in   (double quotes): $ rsh host2 cat test1 ">>" test2 To append a remote file at the remote host to a local file, omit the
       double quotes: $ rsh host2 cat test2 >> test3 To append a remote file to a local file and use a remote user's  permissions  at  the  remote
       host, use the -l option: $ rsh host2 -l jane cat test4 >> test5

FILES

       Specifies  remote  hosts  from which users can execute commands on the local host (provided these users have an account on the local host).
       Specifies remote users that can use a local user account.

SEE ALSO

       Commands:  rcp(1), rlogin(1), rshd(8), telnet(1)

       Functions:  rexec(3)

       Files:  rhosts(4)

																	    rsh(1)
Man Page