shellforbiddencommands

Version 3.5 and earlier: shellforbiddencommands variable not available.
Version 4.0 and later: shellforbiddencommands variable available.

Data Type

List

Description

This variable contains a list of strings that specify commands that will be rejected by pbksh and pbsh without consulting an Endpoint Privilege Management for Unix and Linux policy server daemon. Each element of the list can contain either a command basename or absolute path. Shell template characters can be used at any point. This variable is used by pbsh and pbksh at startup time.

Syntax

shellforbiddencommands = list;

Valid Values

A list of strings as described above.

if (pbclientmode == "shell start")
shellforbiddencommands = {"/etc/*", "/usr/sbin/*",
"format", "/sbin/umount"};

For more information, see the following:

pbclientmode
shellallowedcommands
shellcheckbuiltins
shellcheckredirections
shelllogincludefiles
shellreadonly