Does that work? I've never seen it used. It seems easy to escape.
The docs seem to suggest using alternate approaches.
> Modern systems provide more secure ways to implement a restricted environment, such as jails, zones, or containers.
https://www.gnu.org/software/bash/manual/html_node/The-Restr...
I don't think I've ever seen it used. I think the idea was back in the day when you wanted to let a user have a shell login (because that's the only way you could use a shared computer) but wanted to confine them to a specific directory and prevent them running anything that wasn't in the pre-defined PATH that you set for them.
>> bash actually has a "restricted" mode ...
> Does that work? I've never seen it used. It seems easy to escape.
Yes, it does work for its intended purpose. It has often been used in combination with chroot[0] as well.
> The docs seem to suggest using alternate approaches.
>> Modern systems provide more secure ways to implement a restricted environment, such as jails, zones, or containers.
These approaches are not mutually exclusive with restricted shell use. For example, one could use FreeBSD jails to secure Apache httpd and/or Nginx and still employ a restricted shell to evaluate requests.
0 - https://man.freebsd.org/cgi/man.cgi?query=chroot&apropos=0&s...