2

I want to create a new user with a restricted shell, so I:

   ln -s bash rbash  # create a symbolic link to bash with the name "rbash"
   useradd -s /bin/rbash student  # add a new user with a shell pointing to the symlink I've created
   passwd student  # create a password
   su - student  # log in as the user

However, afterwards I can cd into wherever I want. It looks like the restricted shell doesn't work. Why?

Tomas.R
  • 433

1 Answer

2

In man bash, the restricted shell is mentioned as follows:

   If bash is started with the name rbash, or the -r option is supplied at
   invocation, the shell becomes restricted.

However, it looks like the version of su in Ubuntu 18.04 replaces the name of the shell with su; so when bash looks at its argv[0] it sees su (or -su in the case that su was invoked with one of the -, -l or --login options) instead of rbash (or -rbash).

You can actually change this behavior by editing the /etc/login.defs file and commenting out the SU_NAME setting:

   # If defined, the command name to display when running "su -".  For
   # example, if this is defined as "su" then a "ps" will display the
   # command is "-su".  If not defined, then "ps" would display the
   # name of the shell actually being run, e.g. something like "-sh".
   #
   # SU_NAME               su

Whether this is a good idea, or may have other unintended consequences, I can't say. Note that newer versions of Ubuntu likely use a different implementation of /bin/su (from the util-linux package) which may not exhibit the same behavior.

steeldriver
  • 142,475
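An added example, not part of the answer above: a shell script that starts bash under different argv[0] values (using bash's `exec -a`) and checks whether `cd` is refused, plus a helper that reads the active SU_NAME from a login.defs-style file. The function names are this example's own; it assumes bash is on PATH and was built with restricted-shell support.

```shell
#!/bin/sh
# Added example: which argv[0] values make bash start in restricted mode?

# is_restricted NAME: succeed if bash, started with argv[0]=NAME, refuses `cd /`.
is_restricted() {
    # The outer bash only supplies `exec -a`, which sets argv[0] of the inner
    # bash the way login or su would. --noprofile/--norc and an empty BASH_ENV
    # keep startup files out of the check. Output is discarded out here because
    # a restricted shell refuses redirections of its own.
    if BASH_ENV='' bash -c 'exec -a "$1" bash --noprofile --norc -c "cd /"' _ "$1" \
        >/dev/null 2>&1
    then
        return 1    # cd succeeded: not restricted
    else
        return 0    # cd was refused: restricted
    fi
}

# su_name_setting FILE: print the active (uncommented) SU_NAME value, if any.
su_name_setting() {
    awk '$1 == "SU_NAME" { v = $2 } END { if (v != "") print v }' "$1"
}

# Names discussed in the answer, plus a full path for comparison.
for name in rbash -rbash /bin/rbash su -su; do
    if is_restricted "$name"; then state=restricted; else state="NOT restricted"; fi
    printf 'argv[0]=%-12s %s\n' "$name" "$state"
done

# Report what the local su configuration implies for a login via "su -".
defs=/etc/login.defs
if [ -r "$defs" ]; then
    su_name=$(su_name_setting "$defs")
    if [ -n "$su_name" ]; then
        if is_restricted "-$su_name"; then state=restricted; else state="NOT restricted"; fi
        printf 'SU_NAME=%s in %s: "su -" starts the shell as -%s (%s)\n' \
            "$su_name" "$defs" "$su_name" "$state"
    else
        printf 'SU_NAME not set in %s: argv[0] is taken from the login shell\n' "$defs"
    fi
fi
```

A name-independent alternative is a small wrapper script as the login shell that runs `bash -r`, since the `-r` option quoted from the man page does not depend on argv[0].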