Provided by: rssh_2.3.3-1_amd64 bug


       /etc/rssh.conf - configuration file for rssh


       rssh.conf  is  the  configuration  file  for  rssh.  It allows the system administrator to
       control the behavior of the shell.  Configuration keywords are either used  by  themselves
       on  a  line, or followed by an equal sign ('=') and a configuration value.  Comments start
       with a hash ('#') and can occur anywhere on the  line.   Configuration  options  are  case
       insensitive.  Spaces  at  the  beginning or end of line, or between the equal sign and the
       configuration keywords or values are ignored.  If the  value  of  a  configuration  option
       contains  spaces,  it  (or at least the space) must be enclosed in either single or double

       A default configuration file is provided with the source distribution  of  rssh.   If  the
       configuration  file  is  missing  or  contains  errors, ssh will lock out all users.  If a
       config file is present, the default is  to  lock  out  users  if  no  services  have  been
       explicitly allowed.

       New  in  v2.1  is  the  ability  to  configure options on a per-user basis, using the user
       keyword.  More details are below.


              Tells the shell that scp is allowed.

              Tells the shell that sftp is allowed.

              Tells the shell that cvs is allowed.

              Tells the shell that rdist is allowed.

              Tells the shell that rsync is allowed.

              Tells the shell that svnserve is allowed.

              Sets the umask value for file creations in the scp/sftp session.  This is  normally
              set  at  login  time  by the user's shell.  In order not to use the system default,
              rssh must set the umask.

              Allows the system administrator to control what syslog facility rssh logs to.   The
              facilities  are  the same as those used by syslogd.conf(5), or the C macros for the
              facilities can be used instead.  For example:


              are equivalent, and tell rssh to use the user facility for logging to syslog.

              Causes rssh (actually a helper program) to call the chroot() system call,  changing
              the  root  of  the  file  system to whatever directory is specified.  Note that the
              value on the right hand side of the equal sign is the name of a  directory,  not  a
              command.  For example:


              will change the root of the virtual file system to /usr/chroot, preventing the user
              from being able to access anything below /usr/chroot in the file system, and making
              /usr/chroot appear to be the root directory.  Care must be taken to set up a proper
              chroot jail; see the file CHROOT in the rssh source distribution  for  hints  about
              how to do this.  See also the chroot(2) man page.

              If  the  user's home directory (as specified in /etc/passwd) is underneath the path
              specified by this keyword, then the user will be chdir'd into their home directory.
              If it is not, then they will be chdir'd to the root of the chroot jail.

              In  other  words,  if  the  jail  is  /chroot,  and  your  user's home directory is
              /chroot/home/user, then once rssh_chroot_helper changes the root of the system,  it
              will cd into /home/user inside the jail.  However, if your user's home directory is
              given as /home/user in /etc/passwd, then even if that directory exists in the jail,
              the  chroot helper will not try to cd there.  The user's normal home directory must
              live inside the jail for this to work.

              The user keyword allows for the configuration of options on a per-user basis.  THIS
              user keyword for user foo, then foo will use only the settings in that  user  line,
              and  not  any  of  the  settings  set  with the keywords above.  The user keyword's
              argument consists of a group of fields separated by a colon (':'), as shown  below.
              The fields are, in order:

                     The username of the user for whom the entry provides options
                     The  umask  for  this  user,  in octal, just as it would be specified to the
              access bits
                     Six binary digits, which indicate whether the user is allowed to use  rsync,
                     rdist, cvs, sftp, scp and svnserve, in that order.  One means the command is
                     allowed, zero means it is not.
                     The directory to which this user should be chrooted (this is not a  command,
                     it is a directory name).  See chroot_path above for complete details.

              For example, you might have something like this:

              user = luser:022:000010:

              This  does  the following: for the user with the username "luser", set the umask to
              022, disallow sftp, and allow scp.  Because there is no chroot path specified,  the
              user  will  not  be  chrooted,  regardless of default options set with the keywords
              above.  If you wanted this user to be chrooted,  you  would  need  to  specify  the
              chroot  path  explicitly,  even  if  it  should  be  the same as that set using the
              chrootpath keyword.  Remember that if there are spaces in the  path,  you  need  to
              quote it, something like this:

              user = "luser:022:000010:/usr/local/chroot dir"

              See the default rssh.conf file for more examples.


       rssh(1), sshd(8), ssh(1), scp(1), sftp(1), svnserve(8), syslogd.conf(5), chroot(2).