BCE-C712 Linux System Administration

0 of 83 lessons complete (0%)
Exit Course

Managing User Accounts

Shell in Unix

You don’t have access to this lesson

Please register or sign in to access the course content.

In Unix-like systems, a shell is a command-line interpreter that provides a user interface for interacting with the operating system. Shells allow users to run commands, scripts, and programs, as well as to manage files, processes, and system resources. Unix shells can also be used for scripting, enabling automation of tasks. Different types of shells offer various features, customization options, and scripting capabilities.

Common Unix Shells:

  1. Bourne Shell (sh)
    • Path: /bin/sh
    • Features:
      • One of the original Unix shells, created by Stephen Bourne.
      • Known for its simplicity and compatibility.
      • Often used in scripting for its wide compatibility across Unix systems.
    • Use Case: Simple scripts and backward-compatible scripts for various Unix systems.
  2. Bash (Bourne Again Shell)
    • Path: /bin/bash
    • Features:
      • Based on the Bourne Shell, with added features.
      • Supports command-line editing, improved scripting features, and better user interaction.
      • Default shell for many Unix-like systems, including Linux distributions.
      • Enhanced features like auto-completion, command history, and built-in debugging options.
    • Use Case: General-purpose shell for interactive use and scripting.
    • Example:bashCopy codeecho "Hello, World!"
  3. C Shell (csh)
    • Path: /bin/csh
    • Features:
      • Syntax is influenced by the C programming language.
      • Supports job control, history mechanisms, and aliases.
      • Allows command substitution and scripting with C-like syntax.
    • Use Case: Preferred by users with a background in C programming.
    • Example:cshCopy codeecho "Hello, World!"
  4. tcsh
    • Path: /bin/tcsh
    • Features:
      • An enhanced version of the C shell (csh).
      • Includes additional features like command-line editing, auto-completion, and improved history mechanisms.
    • Use Case: Interactive use for users familiar with csh who want modern features.
  5. Korn Shell (ksh)
    • Path: /bin/ksh
    • Features:
      • Combines features from both the Bourne shell and the C shell.
      • Provides better scripting capabilities than the Bourne shell and interactive features similar to the C shell.
      • Supports advanced features like arrays, functions, and floating-point arithmetic.
    • Use Case: Powerful scripting tasks and users who want a balance between interactive and scripting capabilities.
  6. Z Shell (zsh)
    • Path: /bin/zsh
    • Features:
      • A highly customizable shell with features from bash, ksh, and tcsh.
      • Known for advanced features like spell correction, theming, better tab completion, and plugin support.
      • Popular for interactive use, especially among power users.
    • Use Case: Interactive shell with customization and scripting capabilities.
    • Example: Often used with the Oh My Zsh framework for extensive customization.
  7. Dash (Debian Almquist Shell)
    • Path: /bin/dash
    • Features:
      • A lightweight and fast POSIX-compliant shell.
      • Used as the default /bin/sh in many Linux distributions due to its speed and efficiency.
      • Ideal for shell scripts that need to run quickly without interactive features.
    • Use Case: Simple scripts and performance-sensitive tasks.

Shell Features:

  • Interactive Use: Shells provide an environment where users can type commands and receive immediate feedback. This includes file management, process control, and system administration tasks.
  • Scripting: Most shells allow users to write shell scripts—automated sequences of commands. Shell scripts can automate routine tasks, manage backups, set up environments, etc.
  • Job Control: Shells like bash, ksh, and zsh provide job control features, allowing users to run tasks in the background or foreground, stop jobs, and manage multiple processes.
  • Command History: Modern shells such as bash, zsh, and tcsh offer command history, allowing users to easily recall and re-execute previous commands.
  • Customizability: Shells like zsh and bash allow extensive customization, such as defining aliases, functions, and environment variables.

Choosing the Right Shell:

  • For Scripting:
    • sh, bash, ksh are popular for scripting. Bash is commonly used due to its wide support and features.
    • dash is great for performance-critical scripts.
  • For Interactive Use:
    • bash is the default for most users.
    • zsh is gaining popularity due to its customizability and enhanced features.
    • tcsh and ksh are suitable for users who prefer specific syntax or features from C shell or Korn shell.

Switching Shells:

You can switch between shells by typing the shell name. For example, to switch to zsh, type:

zsh

To change the default shell permanently, use the chsh (change shell) command:

chsh -s /bin/zsh

Summary:

  • Bourne Shell (sh): Simple, original shell used for basic tasks.
  • Bash: Default shell in many Unix-like systems, ideal for both scripting and interactive use.
  • C Shell (csh): Shell with C-like syntax, useful for programmers familiar with C.
  • tcsh: Improved version of C shell, with enhanced features.
  • Korn Shell (ksh): Powerful scripting shell with features from Bourne and C shell.
  • Z Shell (zsh): Highly customizable shell, ideal for power users.
  • Dash: Lightweight, fast, POSIX-compliant shell for performance-sensitive scripts.

Each shell has its own strengths and is chosen based on user preferences and specific use cases.

Restricted Shell

A restricted shell in Unix-like systems is a modified version of a standard shell that limits the user’s ability to perform certain actions. These restrictions are implemented to enhance security or control over what a user can do, particularly in multi-user environments or systems where specific user privileges need to be carefully managed.

A restricted shell imposes several limitations compared to a standard shell. The restrictions may vary slightly depending on the specific shell being used, but the common limitations include:

  1. Restricted Command Execution
  2. Restricted Access to Changing Directories (cd)
  3. No Path Modification (PATH)
  4. No Executing Programs by Absolute Path
  5. No Redirection of Input/Output
  6. No Execution of Shell Scripts
  7. No Command Aliases

Use Cases for Restricted Shells:

  1. Guest Accounts:
    • Restricted shells can be used for guest users or visitors who need limited access to a system without risking damage or unauthorized activities.
  2. SFTP-Only Access:
    • For users who need only file transfer capabilities (e.g., SFTP), a restricted shell can be used to prevent shell access but allow the necessary file-related commands.
  3. Kiosk Environments:
    • In systems designed for specific tasks (such as kiosks), a restricted shell can limit users to only the commands necessary to perform their tasks, preventing them from exploring or misusing the system.
  4. Chroot Environments:
    • Restricted shells can be combined with a chroot jail (isolating users in a specific directory) to create a highly controlled and secure user environment.
  5. Training and Education:
    • In training environments where users are given access to a shell but should not modify the system or perform administrative tasks, restricted shells can be used to ensure users focus only on allowed commands.

How to Use a Restricted Shell:

Several standard shells support restricted modes, including bash, ksh, and sh. You can invoke a restricted shell in the following ways:

Using rbash (Restricted Bash): Bash has a built-in restricted mode. To start a restricted bash shell, use:

rbash 
or

bash --restricted

Set a Restricted Shell as the Default Shell: The system administrator can set a user’s default shell to a restricted shell by changing the user’s entry in the /etc/passwd file:

user:x:1001:1001::/home/user:/bin/rbash

Invoking a Shell with a Restricted Name: Simply renaming a shell to a restricted name (e.g., renaming bash to rbash) may also automatically invoke the restricted mode.

Practical Example:

Suppose you want to restrict a user guest to a specific directory and only allow a limited set of commands for basic tasks. The steps might be:

  1. Create a new user with restricted bash:bashCopy codesudo useradd -s /bin/rbash guest
  2. Lock the user into their home directory by removing access to cd and modifying their PATH to only allow access to a few commands.
  3. Use chroot if necessary to fully lock the user into a specific directory tree.

Summary of Restricted Shell Features:

FeatureDescription
No cd commandPrevents users from changing directories.
No path modificationUsers can’t modify the PATH environment variable.
No absolute path executionCommands can’t be executed with an absolute path (e.g., /bin/bash).
Limited access to commandsUsers can only run certain predefined commands.
No file redirectionPrevents redirecting input/output (e.g., > or <).
No script executionUsers can’t execute shell scripts.
No alias usageUsers can’t set or use command aliases.