rnano

View documentation for the original command

rnano [options] [file...]

file...
    One or more files to open for editing. In restricted mode, rnano will generally only allow saving to these specified files.

-H, --help
    Show a summary of command-line options. Note: In restricted mode, access to help might be disabled by default for security reasons.

-V, --version
    Display the version number and exit. This option typically remains functional even in restricted mode.

rnano is a special invocation of the nano text editor that operates in a restricted mode. Its primary purpose is to provide a text editing utility in environments where full filesystem access, shell escapes, or other advanced features are deemed insecure or unnecessary. It is commonly used in chrooted jails, restricted user accounts, or system kiosks where users should only be able to edit specific files without broader system interaction.

When invoked as rnano (typically via a symbolic or hard link named rnano pointing to the nano executable), nano automatically activates its restricted mode. This mode disables several functionalities, including:

• Access to the shell (no shell escapes).
• File browsing outside of specified paths.
• Saving files to arbitrary locations (only to files opened on the command line).
• Spell checking.
• Access to most help documentation (configurable).
• The ability to suspend the editor.
• The ability to toggle many options interactively.

The exact set of restrictions can vary slightly based on the nano version and its compile-time options, but the core intent remains to provide a sandboxed editing experience.

rnano's security relies on the robustness of nano's restricted mode. It's not a hardened security boundary on its own; a determined or malicious user might still find ways to bypass restrictions if the underlying system environment is not properly secured (e.g., if shell access is available through other means, or if other vulnerable programs are accessible).

Many common nano features and options are disabled or rendered ineffective in rnano mode, which can be confusing for users expecting full nano functionality. Users cannot freely navigate the filesystem, execute external commands, or save to new file paths.

rnano is typically set up as a symbolic link (e.g., ln -s /bin/nano /usr/local/bin/rnano) or a hard link to the nano executable. When the system executes the command named rnano, the nano program detects its invocation name and automatically enables the restricted mode. This makes it convenient for system administrators to provide a limited editor without maintaining a separate codebase.

While rnano enforces strict limitations, its behavior can still be influenced by global nanorc configuration files (e.g., /etc/nanorc) or user-specific ones (~/.nanorc), although many options might be overridden or ignored due to the restricted mode's precedence. Specific nano versions might offer command-line options like --allow-restricted-help to selectively enable certain features even in restricted mode, but these are exceptions rather than the norm.

rnano is not a standalone application but a built-in feature of the nano text editor. nano itself originated as a free software clone of the Pico editor, which was part of the Pine email client. As nano grew in popularity, the need for a restricted mode arose to facilitate its use in secure or limited user environments, such as chroot jails, where users should not have full access to system resources. This restricted functionality was integrated directly into nano, allowing it to be invoked under a different name (rnano) to automatically activate these limitations. The concept of a restricted shell or editor is common in Unix-like systems for security and administrative purposes, and rnano fulfills this role for the nano editor.

nano(1), vi(1), vim(1), editor(1), sh(1), bash(1)