rksh(1) rksh(1)
NAME
rksh - restricted Korn shell
SYNOPSIS
rksh[ option...][ file][ argument]...
DESCRIPTION
rksh is a restricted version of the Korn shell. It is used to set up
special login names and execution environments whose capabilities are
more closely controlled than those of the standard environment.
option
See ksh.
file See ksh.
argument
See ksh.
Functionality
The functionality of rksh is identical to that of the Korn shell ksh,
but with the following restrictions:
- The Korn shell built-in cd is not available, so you cannot change
your current directory.
- You cannot change the values of the ENV, PATH and SHELL variables.
- Commands called with a command name containing a slash are not exe-
cuted. In other words, you can only run commands which are located
in your current directory or in one of the directories whose paths
have been assigned to the PATH variable.
- Output cannot be redirected to files. If >, >|, <> or >> appears on
the command line, the command will not be executed.
The above restrictions are enforced after $HOME/.profile and the files
defined by the ENV variable have been interpreted.
When a command to be executed is found to be a shell script, rksh
invokes the standard Korn shell ksh to execute it. Users are thus pro-
vided with access to the complete functionality of the Korn shell in
scripts while working in a restricted environment.
For the system administrator only
As the system administrator, you can set up an environment for users
who are only to be allowed to work in the restricted Korn shell. For
such users you should define:
- the directory they are to work in.
Page 1 Reliant UNIX 5.44 Printed 11/98
rksh(1) rksh(1)
Users should not be allowed to work in the login directory and
should only have read permission for it.
- the commands they should be allowed to use.
You can create either a subdirectory in the login directory or a
more general directory such as /usr/rbin, and copy to it the
approved commands which can safely be invoked with rksh. The user
should not have write permission for the directory of commands.
- the Korn shell scripts they should be allowed to use.
It should not be possible to call a subshell, for example, since
the subshell will not be restricted.
- the values of the ENV, PATH, and SHELL variables.
You should, for example, ensure that an unrestricted shell cannot
be called via the ! command of the ex or vi editors.
You should enter the appropriate commands and assignments in the
$HOME/.profile and $ENV files. The cd command that switches to the
working directory in which the restricted Korn shell is to be used
must be one of the last commands. Users should not have write access
to these files or to the directories in which they are located (e.g.
$HOME).
SEE ALSO
ksh(1).
Page 2 Reliant UNIX 5.44 Printed 11/98