Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ rksh(1) — Reliant UNIX 5.44c4

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

ksh(1)

rksh(1)                                                             rksh(1)

NAME
     rksh - restricted Korn shell

SYNOPSIS
     rksh[ option...][ file][ argument]...

DESCRIPTION
     rksh is a restricted version of the Korn shell. It is used to set up
     special login names and execution environments whose capabilities are
     more closely controlled than those of the standard environment.

     option
          See ksh.

     file See ksh.

     argument
          See ksh.

   Functionality

     The functionality of rksh is identical to that of the Korn shell ksh,
     but with the following restrictions:

     -  The Korn shell built-in cd is not available, so you cannot change
        your current directory.

     -  You cannot change the values of the ENV, PATH and SHELL variables.

     -  Commands called with a command name containing a slash are not exe-
        cuted. In other words, you can only run commands which are located
        in your current directory or in one of the directories whose paths
        have been assigned to the PATH variable.

     -  Output cannot be redirected to files. If >, >|, <> or >> appears on
        the command line, the command will not be executed.

     The above restrictions are enforced after $HOME/.profile and the files
     defined by the ENV variable have been interpreted.

     When a command to be executed is found to be a shell script, rksh
     invokes the standard Korn shell ksh to execute it. Users are thus pro-
     vided with access to the complete functionality of the Korn shell in
     scripts while working in a restricted environment.

     For the system administrator only

     As the system administrator, you can set up an environment for users
     who are only to be allowed to work in the restricted Korn shell. For
     such users you should define:

     -  the directory they are to work in.



Page 1                       Reliant UNIX 5.44                Printed 11/98

rksh(1)                                                             rksh(1)

        Users should not be allowed to work in the login directory and
        should only have read permission for it.

     -  the commands they should be allowed to use.

        You can create either a subdirectory in the login directory or a
        more general directory such as /usr/rbin, and copy to it the
        approved commands which can safely be invoked with rksh. The user
        should not have write permission for the directory of commands.

     -  the Korn shell scripts they should be allowed to use.

        It should not be possible to call a subshell, for example, since
        the subshell will not be restricted.

     -  the values of the ENV, PATH, and SHELL variables.

        You should, for example, ensure that an unrestricted shell cannot
        be called via the ! command of the ex or vi editors.

     You should enter the appropriate commands and assignments in the
     $HOME/.profile and $ENV files. The cd command that switches to the
     working directory in which the restricted Korn shell is to be used
     must be one of the last commands. Users should not have write access
     to these files or to the directories in which they are located (e.g.
     $HOME).

SEE ALSO
     ksh(1).

























Page 2                       Reliant UNIX 5.44                Printed 11/98

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026