bash actually has a "restricted" mode which is sort of like that. In restricted mode, the ...

SoftTalker • yesterday at 2:52 PM • 1 reply • view on HN

bash actually has a "restricted" mode which is sort of like that. In restricted mode, the following are disallowed:

- Changing directories with cd.

- Setting or unsetting the values of SHELL, PATH, HISTFILE, ENV, or BASH_ENV.

- Specifying command names containing /.

- Importing function definitions from the shell environment at startup.

- Parsing the values of BASHOPTS and SHELLOPTS from the shell environment at startup.

... some other things mainly preventing you from escaping or disabling the restricted mode.

8organicbits • yesterday at 3:10 PM

Does that work? I've never seen it used. It seems easy to escape.

The docs seem to suggest using alternate approaches.

> Modern systems provide more secure ways to implement a restricted environment, such as jails, zones, or containers.

➕ show 1 reply

alt Hacker News