Restricted Mode

Sometimes, it is desirable to severly limit the access rights and privileges of a UNIX account. Once such example is when someone wants to set up a 'guest' account on a linux box for their friends to use. The owner, however, wants to prevent users from snooping around the system and to pre-empt any malicious activites. zsh provides this functionality through a restricted mode.

Benefits of Restricted Mode

When zsh is operating in restricted mode, the user can not:

The above are not enough to simply make an account 'secure'. You should take care to cautiously create startup files for the restricted shell.

Enabling Restricted Mode

There are three main ways to put zsh in restricted mode. The first two are at startup and the last can be used anytime...

1. Ssupplying the -r command-line option to zsh

2. Invoke zsh with a command that starts with 'r'.

An easy way to do this is to make a soft link called rzsh and point it to the zsh binary.

  lyric[251]: ln -s ./zsh rzsh
  lyric[252]: ./rzsh
  lyric[1]: cd
  cd: restricted
  zsh: exit 1

Note that you can still emulate another shell. After the 'r' is stripped off, the next letter is used to determine emulation. IE, rksh will cause zsh to emulate ksh, and run in restricted mode.

3. Turn on the shell option RESTRICTED at any time.