Using a restrictive shell, the system administrator can limit permissions on a system. This is typically used on shared web servers, jump servers, and other systems that provide access to untrusted users. The restrictive shell can allow a subset of commands that will then reduce the risk of abusing the system. This technique is often seen together with other security measures like chrooting.
Restrictive shells are typically used for system hardening.
Users for these tools include system administrators.
Popular restrictive shells
RabbitHole (restrictive shell)
Restrictive shells like RabbitHole are a good way to give someone access to the system without full access. This can be helpful to allow a junior admin to have a look at a system, without the option to break it. Similarly, it can be used for environments with high requirements for security and to give the bare minimum of permissions to each user.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.