Limitations of the restricted shell

The restricted shell environment does not enforce rights for commands that run outside of the shell. For example, if users run a graphical desktop manager, they can run commands and applications that are launched from menu selections in the graphical user interface.

In addition, the command rights defined for the dzsh shell do not prevent users from running built-in shell commands, accessing the file system, or seeing process or system information. For example, even in a restricted shell environment with no rights to run any commands, users in a dzsh shell could get a process listing using the following script:

for i in /proc/[0-9]*;
  do read PROC < $i/cmdline;
  echo $PROC;

Because the shell scripting environment allows the operations, users can effectively access information that the commands defined for the restricted shell environment do not allow.