rcsh

February 9, 2004 @ 11:26 pm

The term rcsh stands for ‘restricted command shell’. Its purpose is to severely limit the access shell accounts have on a server. If rcsh is specified as the shell command in ‘/etc/passwd’, only commands available in a specific directory can be executed.

The idea for this program came from building a chroot cvs server that used ssh as transport. The documents I found for that configuration used a modified sendmail smrsh. Some enhancements came to mind which would make the whole concept more flexible and configurable. That’s how rcsh was born. It incorporates what I learned from studying the smrsh sources.

Some usage instructions are in order. For an account where restricted access is required, specify the rcsh command as the login shell in ‘/etc/passwd’. Then create the ‘/etc/rcsh/rcsh’ directory and populate it with symlinks to the binaries which may be executed by the account. For a different purpose it is possible to create a symlink to rcsh and specify the symlink in ‘/etc/passwd’. In that case, create a subdirectory under ‘/etc/rcsh’, named identically to the symlink, and populate it with the allowed commands. There is also a special case of noshell. If rcsh is run as noshell, it disallows every attempted login. I guess ‘/bin/false’ does the same but I thought I’d throw it in anyways.
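The setup steps above can be scripted and then checked; the following is an added example, not part of rcsh or of the original post. The function names and the `RCSH_ROOT` prefix are hypothetical, and the audit rules (directory not writable by group or others, every entry a symlink to an executable file, no general-purpose shell among the targets) are this example's own checks rather than anything rcsh is stated to enforce.

```shell
#!/bin/sh
# Added example, not rcsh's own code. RCSH_ROOT is a hypothetical prefix for
# trying this in a scratch directory; leave it unset to work on /etc/rcsh.

# rcsh_allow NAME CMD...: create /etc/rcsh/NAME and symlink each CMD into it.
# NAME is "rcsh" for the default shell, or the name of a symlink to rcsh.
rcsh_allow() {
    name=$1; shift
    dir="${RCSH_ROOT:-}/etc/rcsh/$name"
    mkdir -p "$dir" || return 1
    chmod 755 "$dir" || return 1
    for cmd in "$@"; do
        case $cmd in /*) ;; *) echo "not an absolute path: $cmd" >&2; return 1 ;; esac
        [ -x "$cmd" ] || { echo "not executable: $cmd" >&2; return 1; }
        ln -sf "$cmd" "$dir/$(basename "$cmd")" || return 1
    done
}

# rcsh_audit NAME: print findings for /etc/rcsh/NAME; return 0 only if none.
rcsh_audit() {
    dir="${RCSH_ROOT:-}/etc/rcsh/$1"
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    rc=0
    # A group- or world-writable directory lets other accounts add commands.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or others: $dir"; rc=1
    fi
    for entry in "$dir"/*; do
        [ -L "$entry" ] || [ -e "$entry" ] || continue   # empty directory
        if [ ! -L "$entry" ]; then
            echo "not a symlink: $entry"; rc=1; continue
        fi
        # readlink -f (GNU/BSD extension) resolves the whole symlink chain.
        target=$(readlink -f "$entry") || target=""
        if [ ! -f "$target" ] || [ ! -x "$target" ]; then
            echo "dangling or non-executable: $entry"; rc=1; continue
        fi
        # A general-purpose shell in the allow list removes the restriction.
        case $(basename "$target") in
            sh|ash|bash|dash|ksh|zsh|csh|tcsh)
                echo "allows a shell: $entry -> $target"; rc=1 ;;
        esac
    done
    return $rc
}
```

Run `rcsh_allow` as root for each restricted account type, then `rcsh_audit` with the same name before pointing the account's ‘/etc/passwd’ entry at rcsh or its symlink.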

The latest archive can be found at
