The rbash in Linux – Understanding Restricted Bash

In this article, we will discuss what rbash in Linux is and how we can use it to suit our needs and also discuss the effects it has on our system.

Meanwhile, we will also discuss how secure it is.

What is rbash?

A restricted shell or rbash, as its name suggests is a shell similar to bash, but it differs in the perspective that it has lots of restrictions in place to avoid certain actions to be taken by the user. It is used for security purposes for using bash, but with an additional layer of security, to implement those restrictions.

Why do we use rbash in Linux?

We use rbash in Linux where we want the user to have restricted privileges like using certain programs. Keeping users from changing directories.

Many of the websites over the internet have rbash in place, to prevent overuse of their systems.

Many online learning websites use Restricted Shell (rbash) for educational purposes in their learning content, giving them access to the bash in a restricted manner to prevent unnecessary use.

Restrictions implemented in rbash

The restrictions that the Restricted Shell (rbash) has implemented in it are –

  • limiting from changing directories using cd
  • using command names containing slashes ( / )
  • modifying various paths and environment variables
  • importing functions from the bash environment at startup
  • parsing values from the bash environment at startup
  • Redirection of output using > , >| , <> , >& , &> and >> redirection operators
  • Specifying filenames containing ” / ” or ” – ” to history, hash -p or . built-in commands
  • specifying the ‘-p’ option with built-in commands
  • turning off the restricted mode using ‘set +o restricted’ or ‘set +r’.
  • enabling the disabled built-in commands using the ‘enable’ built-in command
  • using exec to replace the shell with another command

To check whether a command is built-in or not, use type the keyword before a command to know if it is built-in or not.

type <command-name>
Type Command
Type Command

For more detailed information, you can refer to Rbash GNU documentation or run the following command to access its manpages on your system using the man command

man rbash

It will open up the manpages of rbash as shown below.

Rbash Documentation
Rbash Documentation

Starting rbash in Linux

You can start rbash in Linux Restricted Bash by running the following command:

rbash

or

bash -r

It will look something like this. To ensure that rbash is enabled, you can run any restricted command like cd .

Enabling Rbash
Enabling Rbash

Testing rbash on Linux

As we have enabled the rbash in Linux, now let’s test it.

While trying to use cd, it gave the error rbash: cd : restricted , the way it was supposed to. As cd is restricted by rbash.

Cd Command Restricted In Rbash
Cd Command Restricted In Rbash

Next, while trying to redirect output to a file, it gave a similar error as rbash restricts output redirects.

Output Redirect Restricted In Rbash
Output Redirect Restricted In Rbash

Limitations of rbash

Like various other things, rbash also has some limitations to it –

  • When a command which is a shell script is encountered, rbash allows all the restrictions that are supposed to hinder the script
  • Rbash isn’t very secure, it can be broken out of in several ways
  • Running bash from rbash gives the user unrestricted access.
  • Not sufficient to try out untrusted software

Bonus

  • You can create a guest user in your system with rbash as the default bash environment, for use by other people. So, they do not break the system or interfere with your data.
  • Best practices suggest using Restricted Bash with chroot jail to limit access to the system as a whole.

Conclusion

In this article, we discussed what Restricted Bash or rbash in Linux is, and why we use it in various places like e-learning websites or other places. We also covered using the rbash, explaining how it differs from our basic bash and how we can use rbash on our system.

How can rbash be used?

rbash is commonly used to restrict users’ access to certain system commands and functionalities in a Linux environment.

What is the purpose of using a restricted shell?

A restricted shell is used to run programs in a restricted mode to enhance security by limiting the capabilities of the user and preventing unwanted execution of commands.

How do I set up rbash for a user?

To set up rbash for a user, you can change their shell to rbash in the chroot jail configuration or by using the chsh command.

Can rbash be used with other tools like scp and ssh?

Yes, rbash can be used in conjunction with tools like scp and ssh to provide a restricted environment for file transfers and secure remote access.

How can I add additional restrictions to rbash?

You can add additional restrictions to rbash by modifying the .bashrc file, restricting access to certain directories, or configuring specific environment variables for the user.