Restricted User Shell
---------------------

The platform attempts to reduce the risk of unintentional harm to the
operation of the software by restricting the actions users can take.
This is done using a specially configured setup of the well-known and
actively maintained rbash shell.

The shell actively prevents the following:

* Users cannot set environment variables or alter their command path.
* Users cannot change the current directory.
* Users cannot specify a path to a command to run.

Users can therefore run only the commands that the platform setup
allows. The vast majority of these commands use a common execution
interface designed to allow only enough privileges to perform the
system administration tasks they are created for. The exact list of
commands a user can run is determined by that user's specific
privileges and the specific setup of the machine on which they are
working (different applications can add their own additional
commands). This list is displayed on login and can be redisplayed with
the **help** command.
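
The restrictions listed above can be checked with a short audit script. This is an added example, not the platform's own tooling: it assumes bash is installed, builds a throwaway allowed-command directory containing only ``ls`` (constructed for the demo), and probes stock restricted mode (``bash -r``), testing the command path rather than every environment variable.

```shell
#!/bin/sh
# Added example: audit a restricted bash session against the restrictions above.
# The allowed-command directory and its single command (ls) are constructed here.
BASH_BIN=$(command -v bash)

# Build a throwaway "allowed commands" directory holding only a link to ls.
make_allowed_dir() {
    allowed=$(mktemp -d) || return 1
    ln -s "$(command -v ls)" "$allowed/ls"
    printf '%s\n' "$allowed"
}

# Run one command line in restricted bash (-r) with a clean environment whose
# PATH is only the allowed directory. Returns the restricted shell's status.
rbash_try() {
    env -i PATH="$1" "$BASH_BIN" -r -c "$2" >/dev/null 2>&1
}

# Return 0 only if every escape attempt is refused and the allowed command runs.
audit_restricted_shell() {
    target=$1
    failures=0
    # One probe per restriction: alter PATH, change directory,
    # name a command by path (absolute and relative).
    for probe in 'PATH=/bin:/usr/bin' 'cd /' '/bin/ls' './ls'; do
        if rbash_try "$target" "$probe"; then
            echo "NOT BLOCKED: $probe"; failures=$((failures + 1))
        else
            echo "blocked:     $probe"
        fi
    done
    # A bare command name is resolved only through the allowed directory.
    rbash_try "$target" 'ls' || { echo "allowed command failed: ls"; failures=$((failures + 1)); }
    # A command outside that directory is not found (id is not a bash builtin).
    if rbash_try "$target" 'id'; then
        echo "NOT BLOCKED: id"; failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ]
}

demo_dir=$(make_allowed_dir)
audit_restricted_shell "$demo_dir" && echo "restricted shell behaves as documented"
rm -rf "$demo_dir"
```

Any ``NOT BLOCKED`` line means the shell under test is not enforcing the corresponding restriction.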