Restricted user shell
---------------------

The platform attempts to reduce the risk of unintentional harm to the
operation of the software by restricting the actions users can take.
This is done using a specially configured setup of the well-known and
actively maintained rbash shell.

The shell actively prevents users from the following:

* Setting environment variables or altering their command path.
* Changing the current directory.
* Specifying a path to a command to run.

Users are only able to run commands allowed by the platform setup. Most of these commands use a common
execution interface designed to allow only enough privileges to perform
the system administration tasks they are created for. The exact list of
commands a user can run is determined by their specific privileges and the
specific setup of the machine on which they're working (different
applications can add their own additional commands). This list is
displayed on login and can be redisplayed with the **help** command.