The restricted shell is used to set up login names and execution environments whose capabilities are more controlled than those of the regular Bourne shell. The Rsh or bsh -r command opens the restricted shell. The behavior of these commands is identical to those of the bsh command, except that the following actions are not allowed:
If the restricted shell determines that a command to be run is a shell procedure, it uses the Bourne shell to run the command. In this way, it is possible to provide an end user with shell procedures that access the full power of the Bourne shell while imposing a limited menu of commands. This situation assumes that the end user does not have write and execute permissions in the same directory.
If the File [Parameter] parameter is specified when the Bourne shell is started, the shell runs the script file identified by the File parameter, including any parameters specified. The script file specified must have read permission. Any setuid and setgid settings for script files are ignored. The shell then reads the commands. If using either the -c or -s flag is used, do not specify a script file.
When started with the Rsh command, the shell enforces restrictions after interpreting the .profile and /etc/environment files. Therefore, the writer of the .profile file has complete control over user actions by performing setup actions and leaving the user in an appropriate directory (probably not the login directory). An administrator can create a directory of commands in the /usr/rbin directory that the Rsh command can use by changing the PATH variable to contain the directory. If it is started with the bsh -r command, the shell applies restrictions when interpreting the .profile files.
When called with the name Rsh, the restricted shell reads the user's .profile file ($HOME/.profile). It acts as the regular Bourne shell while doing this, except that an interrupt causes an immediate exit instead of a return to command level.