• Version 3.5 and earlier: shellforbiddencommands variable not available.
  • Version 4.0 and later: shellforbiddencommands variable available.


This variable contains a list of strings that specify commands that will be rejected by pbksh and pbsh without consulting a Privilege Management for Unix and Linux policy server daemon. Each element of the list can contain either a command basename or absolute path. Shell template characters can be used at any point. This variable is used by pbsh and pbksh at startup time.

shellforbiddencommands = list;

A list of strings as described above.

if (pbclientmode == "shell start")
shellforbiddencommands = {"/etc/*", "/usr/sbin/*",
"format", "/sbin/umount"};