GNU Info

(zsh.info)Restricted Shell

---

Prev: Compatibility Up: Invocation

---

Enter node , (file) or (file)node

Restricted Shell
================

When the basename of the command used to invoke zsh starts with the
letter `r' or the `-r' command line option is supplied at invocation,
the shell becomes restricted.  Emulation mode is determined after
stripping the letter `r' from the invocation name.  The following are
disabled in restricted mode:

   * changing directories with the cd builtin

   * changing or unsetting the PATH, path, MODULE_PATH, module_path,
     SHELL, HISTFILE, HISTSIZE, GID, EGID, UID, EUID, USERNAME,
     LD_LIBRARY_PATH, LD_AOUT_LIBRARY_PATH, LD_PRELOAD and
     LD_AOUT_PRELOAD parameters

   * specifying command names containing /

   * specifying command pathnames using hash

   * redirecting output to files

   * using the exec builtin command to replace the shell with another
     command

   * using jobs -Z to overwrite the shell process' argument and
     environment space

   * using the ARGV0 parameter to override argv[0] for external commands

   * turning off restricted mode with set +r or unsetopt RESTRICTED

These restrictions are enforced after processing the startup files.  The
startup files should set up PATH to point to a directory of commands
which can be safely invoked in the restricted environment.  They may
also add further restrictions by disabling selected builtins.

Restricted mode can also be activated any time by setting the
RESTRICTED option.  This immediately enables all the restrictions
described above even if the shell still has not processed all startup
files.