Restricted user shell
The platform attempts to reduce the risk of unintentional harm to the operation of the software by restricting the actions users can take. This is done using a specially configured instance of the well-known and actively maintained rbash shell.
The shell actively prevents users from the following:
Setting environment variables or altering their command path.
Changing the current directory.
Specifying a path to a command to run.
Users are only able to run commands allowed by the platform setup. Most of these commands use a common execution interface designed to allow only enough privileges to perform the system administration tasks they are created for. The exact list of commands a user can run is determined by their specific privileges and the specific setup of the machine on which they’re working (different applications can add their own additional commands). This list is displayed on login and can be redisplayed with the help command.
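The restrictions listed above can be observed in a throwaway sandbox. The script below is an added example, not the platform's own configuration: it assumes bash is installed, and the temporary directory layout and the choice of date as the only allowed command are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): probe stock "bash -r" with a PATH that holds
# only explicitly linked commands. Not the platform's actual setup.

BASH_BIN=$(command -v bash)   # absolute path, resolved before PATH is narrowed

# Build a command directory containing only the allowed commands (as symlinks).
# Assumption: "date" stands in for a platform-provided command.
make_allowed_bin() {
    dir=$(mktemp -d) || return 1
    ln -s "$(command -v date)" "$dir/date" || return 1
    printf '%s\n' "$dir"
}

# Run one command line in restricted bash with PATH set to the allowed
# directory. Returns the shell's exit status; output is discarded.
try_restricted() {
    PATH="$1" "$BASH_BIN" --noprofile --norc -r -c "$2" >/dev/null 2>&1
}

# Print which probes the restricted shell accepts.
report() {
    bin=$(make_allowed_bin) || return 1
    # date                 linked into the allowed directory
    # ls                   exists on the system but is not linked
    # cd /                 changing directory
    # PATH=/usr/bin:/bin   altering the command path (PATH, SHELL, ENV and
    #                      BASH_ENV are read-only under bash -r)
    # /bin/ls              naming a command by path (any "/" is rejected)
    for cmd in 'date' 'ls' 'cd /' 'PATH=/usr/bin:/bin' '/bin/ls'; do
        if try_restricted "$bin" "$cmd"; then
            verdict=allowed
        else
            verdict=blocked
        fi
        printf '%-22s %s\n' "$cmd" "$verdict"
    done
    rm -rf "$bin"
}

report
```

Only date should be reported as allowed. Anything linked into the allowed directory runs unrestricted once started, so that directory's contents define the real boundary.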