/proc/2/root/usr/share/doc/bash
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
6.10 The Restricted Shell========================= If Bash is started with the name 'rbash', or the '--restricted' or '-r'option is supplied at invocation, the shell becomes restricted. Arestricted shell is used to set up an environment more controlled thanthe standard shell. A restricted shell behaves identically to 'bash'with the exception that the following are disallowed or not performed: * Changing directories with the 'cd' builtin. * Setting or unsetting the values of the 'SHELL', 'PATH', 'HISTFILE', 'ENV', or 'BASH_ENV' variables. * Specifying command names containing slashes. * Specifying a filename containing a slash as an argument to the '.' builtin command. * Specifying a filename containing a slash as an argument to the 'history' builtin command. * Specifying a filename containing a slash as an argument to the '-p' option to the 'hash' builtin command. * Importing function definitions from the shell environment at startup. * Parsing the value of 'SHELLOPTS' from the shell environment at startup. * Redirecting output using the '>', '>|', '<>', '>&', '&>', and '>>' redirection operators. * Using the 'exec' builtin to replace the shell with another command. * Adding or deleting builtin commands with the '-f' and '-d' options to the 'enable' builtin. * Using the 'enable' builtin command to enable disabled shell builtins. * Specifying the '-p' option to the 'command' builtin. * Turning off restricted mode with 'set +r' or 'shopt -u restricted_shell'. These restrictions are enforced after any startup files are read. When a command that is found to be a shell script is executed (*noteShell Scripts::), 'rbash' turns off any restrictions in the shellspawned to execute the script. The restricted shell mode is only one component of a useful restrictedenvironment. It should be accompanied by setting 'PATH' to a value thatallows execution of only a few verified commands (commands that allowshell escapes are particularly vulnerable), changing the currentdirectory to a non-writable directory other than '$HOME' after login,not allowing the restricted shell to execute shell scripts, and cleaningthe environment of variables that cause some commands to modify theirbehavior (e.g., 'VISUAL' or 'PAGER'). Modern systems provide more secure ways to implement a restrictedenvironment, such as 'jails', 'zones', or 'containers'.