Home / ubuntu / Questions / 1247938
Accepted
Tomas.R
Asked: 2020-06-08 08:01:16 +0800 CST

Restricted shell is not working for a newly created user (ubuntu 18.04)

  • 772

I want to create a new user with a restricted shell so I : 

ln -s bash rbash  # create a symbolic link to bash with a name "rbash" 

useradd -s /bin/rbash student # add a new user with a shell pointing to that symlink I've created

passwd student # create a password 

su - student # Login as a user

However afterwards I can cd into wherever I want. It looks like a restricted shell doesn't work. Why ?

permissions ssh bash restricted

1 Answers

  1. Best Answer

    In man bash, the restricted shell is mentioned as follows:

       If bash is started with the name rbash, or the -r option is supplied at
   invocation, the shell becomes restricted.

    However, it looks like the version of su in Ubuntu 18.04 replaces the name of the shell with su; so when bash looks at its argv[0] it sees su (or -su in the case that su was invoked with one of the -, -l or --login options) instead of rbash (or -rbash).

    You can actually change this behavior by editing the /etc/login.defs file and commenting out the SU_NAME setting:

    # If defined, the command name to display when running "su -".  For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su".  If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
# SU_NAME               su

    Whether this is a good idea, or may have other unintended consequences, I can't say. Note that newer versions of Ubuntu likely use a different implementation of /bin/su (from the util-linux package) which may not exhibit the same behavior.

    • 2