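The following commands and actions are disabled:
Using cd to change the working directory.
Changing the values of the $PATH, $SHELL, $BASH_ENV, or $ENV environmental variables.
Reading or changing the $SHELLOPTS shell environmental options.
Output redirection.
Invoking commands containing one or more /'s.
Invoking exec to substitute a different process for the shell.
Various other commands that would enable tampering with or attempting to subvert the script for an unintended purpose.
Getting out of restricted mode within the script.
Example 22-1. Running a script in restricted mode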
    #!/bin/bash

    #  Starting the script with "#!/bin/bash -r"
    #+ runs entire script in restricted mode.

    echo

    echo "Changing directory."
    cd /usr/local
    echo "Now in `pwd`"
    echo "Coming back home."
    cd
    echo "Now in `pwd`"
    echo

    # Everything up to here in normal, unrestricted mode.

    set -r
    # set --restricted    has same effect.
    echo "==> Now in restricted mode. <=="

    echo
    echo

    echo "Attempting directory change in restricted mode."
    cd ..
    echo "Still in `pwd`"

    echo
    echo

    echo "\$SHELL = $SHELL"
    echo "Attempting to change shell in restricted mode."
    SHELL="/bin/ash"
    echo
    echo "\$SHELL= $SHELL"

    echo
    echo

    echo "Attempting to redirect output in restricted mode."
    ls -l /usr/bin > bin.files
    ls -l bin.files    # Try to list attempted file creation effort.

    echo

    exit 0
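
To confirm that a given bash build enforces the restrictions listed above, the following added example (not part of the original guide) runs each probe once in a normal shell and once under `bash -r`, and reports a restriction as enforced only when the first run succeeds and the second is refused. The function names `restricted_only` and `audit` and the probe list are constructed for this example; it assumes `bash` is on the PATH.

```bash
#!/bin/bash
# Added example, not from the original guide: differential check of the
# restrictions listed above. Assumes `bash` is available on the PATH.

# restricted_only CMD
#   0 -> CMD works in a normal bash but is refused by `bash -r`
#   1 -> CMD also works under `bash -r` (restriction not enforced)
#   2 -> CMD fails even in a normal shell, so the probe proves nothing
restricted_only() {
    bash -c "$1" </dev/null >/dev/null 2>&1 || return 2
    ! bash -r -c "$1" </dev/null >/dev/null 2>&1
}

# Constructed probes, one per line, each matching an item in the list above.
PROBES='cd /
PATH=/nonexistent
SHELL=/bin/ash
BASH_ENV=/nonexistent
ENV=/nonexistent
: > /dev/null
/bin/sh -c :
exec true
set +r'

# audit: print one line per probe; the return status is the number of
# probes that were NOT blocked (0 means every restriction held).
audit() {
    failures=0
    while IFS= read -r probe; do
        if restricted_only "$probe"; then
            printf 'BLOCKED      %s\n' "$probe"
        else
            printf 'NOT BLOCKED  %s\n' "$probe"
            failures=$((failures + 1))
        fi
    done <<EOF
$PROBES
EOF
    return "$failures"
}

audit
```

The control run in an unrestricted shell matters: without it, a probe that fails for an unrelated reason (a missing binary, for instance) would be counted as a working restriction.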