Rbash link for kinoite/silverblue


Is it possible to create a local link to use rbash in kinoite/silverblue installations? If not, how would it the process to make it widely available in future updates, filling a bug for a feature request?


In Kinoite/Silverblue installations, rbash (restricted bash) is not included by default because these systems are designed to be minimal and immutable. However, you can create a local link to rbash if you have specific requirements for using it.

  1. Install rbash if it’s not already installed:
sudo dnf install bash
  1. Create a symbolic link to rbash:
ln -s /usr/bin/rbash /usr/local/bin/rbash

After creating the symbolic link, you should be able to use rbash by simply typing rbash in your terminal.
However, it’s important to note that using rbash or any restricted shell on a Silverblue system might go against the intended design principles of the system.

Thanks, there is no need to install anything, I just did the link by:

$ ln -sv /bin/bash /usr/local/bin/rbash

and that is sufficient to bash to understand it is a restricted shell. How does this come against the design of kinoite?

I would argue that it doesn’t.

The architecture of the Atomic Desktop versions are such that the maintainers of those versions have to make choices of what goes into the default package set. They can’t include everything for every use case, so it is expected that users will want to customize their experience to suit their needs.

Client-side layering of additional packages via rpm-ostree install <package(s)> has long been a supported option and is perfectly fine to use. Even sticking custom scripts or binaries in /usr/local/bin is a valid use case and should work just fine.

In my opinion, the most important design principle of the Atomic Desktops is that they make upgrades more reliable and provide a way to recover from an upgrade that doesn’t behave as expected. You can literally pull the power of an Atomic Desktop system doing an OS upgrade and it will still boot fine afterwards. If the new version of your Atomic Desktop doesn’t work as expected, you can just rollback to the previous version. (I think I stated the obvious, but maybe this helps inform someone. :smile: )

I would urge folks to reconsider any future arguments about the validity or acceptability of customizing your Atomic Desktop experience to suit your needs.

That won’t work with the Atomic Desktop variants. You have to use rpm-ostree install <package name> and note, sudo is not required. When making a suggestion for the Atomic desktop versions you really should try it in a VM if you’re running the standard Workstation Edition.