Provided by: rssh_2.3.3-1_i386


       /etc/rssh.conf - configuration file for rssh


       rssh.conf  is  the  configuration  file for rssh.  It allows the system
       administrator to control the  behavior  of  the  shell.   Configuration
       keywords  are  either  used  by themselves on a line, or followed by an
       equal sign ('=') and a configuration value.  Comments start with a hash
       ('#')  and  can  occur anywhere on the line.  Configuration options are
       case insensitive. Spaces at the beginning or end of  line,  or  between
       the  equal  sign  and the configuration keywords or values are ignored.
       If the value of a configuration option contains spaces, it (or at least
       the space) must be enclosed in either single or double quotes.

       A  default  configuration file is provided with the source distribution
       of rssh.  If the configuration file is missing or contains errors, rssh
       will  lock  out all users.  If a config file is present, the default is
       to lock out users if no services have been explicitly allowed.

       New in v2.1 is the ability to configure options on  a  per-user  basis,
       using the user keyword.  More details are below.


              Tells the shell that scp is allowed.

              Tells the shell that sftp is allowed.

              Tells the shell that cvs is allowed.

              Tells the shell that rdist is allowed.

              Tells the shell that rsync is allowed.

              Tells the shell that svnserve is allowed.

              Sets the umask value for file creations in the scp/sftp session.
              This is normally set at login time  by  the  user's  shell.   In
              order not to use the system default, rssh must set the umask.

              Allows  the system administrator to control what syslog facility
              rssh logs to.  The facilities are the  same  as  those  used  by
              syslogd.conf(5),  or the C macros for the facilities can be used
              instead.  For example:


              are equivalent, and tell rssh  to  use  the  user  facility  for
              logging to syslog.

              Causes  rssh  (actually  a  helper program) to call the chroot()
              system call, changing the root of the file  system  to  whatever
              directory  is  specified.  Note that the value on the right hand
              side of the equal sign  is  the  name  of  a  directory,  not  a
              command.  For example:


              will  change the root of the virtual file system to /usr/chroot,
              preventing the user from being able to access anything outside
              /usr/chroot in the file system, and making /usr/chroot appear to
              be the root directory.  Care must be taken to set  up  a  proper
              chroot jail; see the file CHROOT in the rssh source distribution
              for hints about how to do this.   See  also  the  chroot(2)  man

              If  the  user's  home directory (as specified in /etc/passwd) is
              underneath the path specified by this  keyword,  then  the  user
              will  be  chdir'd into their home directory.  If it is not, then
              they will be chdir'd to the root of the chroot jail.

              In other words, if the jail is /chroot,  and  your  user's  home
              directory  is  /chroot/home/user,  then  once rssh_chroot_helper
              changes the root of the  system,  it  will  cd  into  /home/user
              inside  the  jail.   However,  if  your user's home directory is
              given as /home/user in /etc/passwd, then even if that  directory
              exists  in the jail, the chroot helper will not try to cd there.
              The user's normal home directory must live inside the  jail  for
              this to work.

              The  user  keyword  allows for the configuration of options on a
              per-user basis.  THIS KEYWORD OVERRIDES ALL OTHER  KEYWORDS  FOR
              THE SPECIFIED USER.  That is, if you use a user keyword for user
              foo, then foo will use only the settings in that user line,  and
              not  any  of the settings set with the keywords above.  The user
              keyword's argument consists of a group of fields separated by  a
              colon (':'), as shown below.  The fields are, in order:

                     The  username  of  the  user  for whom the entry provides
                     The umask for this user, in octal, just as  it  would  be
                     specified to the shell
              access bits
                     Six  binary  digits,  which  indicate whether the user is
                     allowed to use rsync, rdist, cvs, sftp, scp and svnserve,
                     in  that  order.   One means the command is allowed, zero
                     means it is not.
                     The directory to which this user should be chrooted (this
                     is   not  a  command,  it  is  a  directory  name).   See
                     chroot_path above for complete details.

              For example, you might have something like this:

              user = luser:022:000010:

              This does the following: for the user with the username "luser",
              set  the  umask  to  022, disallow sftp, and allow scp.  Because
              there is  no  chroot  path  specified,  the  user  will  not  be
              chrooted,  regardless  of  default options set with the keywords
              above.  If you wanted this user to be chrooted, you  would  need
              to  specify the chroot path explicitly, even if it should be the
              same as that set using the chrootpath keyword.  Remember that if
              there  are  spaces  in the path, you need to quote it, something
              like this:

              user = "luser:022:000010:/usr/local/chroot dir"

              See the default rssh.conf file for more examples.
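
              The user line format described above, as an added example that
              is not part of the rssh distribution: a Python audit script that
              decodes the four fields and flags users whose empty path field
              leaves them outside the jail set with chrootpath.  The sample
              configuration is constructed, and comment and quote handling is
              approximated with Python's shlex rather than rssh's own parser.

```python
import shlex

# Order of the six access bits, as listed in the field description above.
SERVICES = ("rsync", "rdist", "cvs", "sftp", "scp", "svnserve")

# Constructed sample configuration (not taken from a real system).
SAMPLE = '''\
chrootpath = /usr/chroot          # global default jail
user = luser:022:000010:          # empty path field
User = "juser:027:000100:/usr/local/chroot dir"
'''

def parse_user_value(value):
    """Decode the 'username:umask:access bits:path' argument of a user line."""
    name, umask, bits, path = value.split(":", 3)
    if len(bits) != len(SERVICES) or set(bits) - {"0", "1"}:
        raise ValueError(f"access bits must be six binary digits: {bits!r}")
    return {
        "user": name,
        "umask": int(umask, 8),                       # octal, as for the shell
        "allowed": [s for s, b in zip(SERVICES, bits) if b == "1"],
        "chroot": path or None,                       # empty: not chrooted
    }

def audit(conf_text):
    """Return (user entries, warnings) for the text of an rssh.conf file."""
    entries, global_chroot = [], None
    for raw in conf_text.splitlines():
        # shlex strips '#' comments and resolves single/double quotes.
        tokens = shlex.split(raw.replace("=", " = ", 1), comments=True)
        if len(tokens) != 3 or tokens[1] != "=":
            continue                                  # not a keyword = value line
        key, value = tokens[0].lower(), tokens[2]     # keywords are case insensitive
        if key == "chrootpath":
            global_chroot = value
        elif key == "user":
            entries.append(parse_user_value(value))
    warnings = [
        f"{e['user']}: not chrooted; the user line overrides chrootpath={global_chroot}"
        for e in entries
        if e["chroot"] is None and global_chroot is not None
    ]
    return entries, warnings

if __name__ == "__main__":
    entries, warnings = audit(SAMPLE)
    for e in entries:
        print(e)
    for w in warnings:
        print("WARNING:", w)
```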


       rssh(1),    sshd(8),    ssh(1),    scp(1),    sftp(1),     svnserve(8),
       syslogd.conf(5), chroot(2).