Attention! Don’t confuse the restricted shell, /usr/lib/rsh, with the Remote Shell, /usr/bin/rsh (man rsh)! The man page for /usr/lib/rsh is in section 1M:
# man -s 1m rsh
The restricted shell does not allow:
* changing directory
* setting the PATH variable
* running commands that have / in their name
* redirecting output using > and/or >>
The above restrictions take effect only after .profile has been read. Therefore, the user should not have write access to his or her home directory and hence must not be its owner. In .profile, the PATH variable should be set to a directory that contains symlinks to the allowed commands.
To force the use of rsh, set it as the user’s login shell in /etc/passwd.
Imagine a server that is used only as an ssh gateway. The only command that users need is ssh:
# ln -s /usr/bin/ssh /usr/rbin/ssh
# useradd -g <group> -d /export/home/<username> -s /usr/lib/rsh -c "Full Name" <username>
# mkdir /export/home/<username>
# cd /export/home/<username>
# vi .profile
PATH=/usr/rbin
export PATH
# passwd <username>
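
The checks implied by the rules above, as an added example that is not part of the original page: a POSIX shell function that audits one account for the login shell, the ownership of the home directory and .profile, the PATH line in .profile, and the contents of the command directory. The names audit_rsh_account and owner_of, and the function's arguments, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a restricted-shell account against the rules above.
# Usage: audit_rsh_account <user> <passwd-file> <rbin-dir>
# Prints one line per finding; returns 0 when clean, 1 otherwise.

owner_of() { ls -ld "$1" | awk '{print $3}'; }

audit_rsh_account() {
    user=$1; passwd_file=$2; rbin=$3; bad=0
    entry=$(grep "^$user:" "$passwd_file") ||
        { echo "no passwd entry for $user"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)

    # Login shell must be the restricted shell, not /usr/bin/rsh (remote shell).
    [ "$shell" = /usr/lib/rsh ] || { echo "login shell is $shell"; bad=1; }

    # The user must not own the home directory or .profile; otherwise
    # .profile can be replaced before the restrictions take effect.
    for f in "$home" "$home/.profile"; do
        [ -e "$f" ] || { echo "missing: $f"; bad=1; continue; }
        [ "$(owner_of "$f")" != "$user" ] || { echo "owned by $user: $f"; bad=1; }
    done

    # .profile must set PATH to the directory of allowed commands.
    grep -Fx "PATH=$rbin" "$home/.profile" >/dev/null 2>&1 ||
        { echo ".profile does not set PATH=$rbin"; bad=1; }

    # Every entry in that directory should be a symlink to an allowed command.
    for c in "$rbin"/*; do
        [ -e "$c" ] || [ -L "$c" ] || continue   # empty directory
        [ -L "$c" ] || { echo "not a symlink: $c"; bad=1; }
    done
    return $bad
}
```

For the gateway account above it would be called as audit_rsh_account <username> /etc/passwd /usr/rbin.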