Provided by: rush_2.3-1_amd64 
NAME
rush - restricted user shell
SYNOPSIS
rush [-htTx] [-C CHECK] [-D ATTR[,ATTR...]] [-c COMMAND] [-d NUMBER] [-i] [-u USER]
[--debug NUMBER] [--dump=ATTR[,ATTR...]] [--help] [--show-default] [--trace] [--usage]
[--version] [FILE]
NOTE
This manpage is a short description of GNU rush. For a detailed discussion, including
examples and usage recommendations, refer to the manual GNU Rush -- a restricted user
shell, available in texinfo format. If the info reader and the rush documentation are
properly installed on your system, the command
info rush
should give you access to the complete manual.
You can also view the manual using the info mode in emacs(1), or find it in various
formats online at
http://www.gnu.org.ua/software/rush/manual
If any discrepancies occur between this manpage and the Manual, the later shall be
considered the authoritative source.
DESCRIPTION
GNU rush is a restricted user shell, designed for sites that provide limited remote access
to their resources, such as svn or git repositories, scp, or the like.
Upon startup rush analyzes its command line and examines the set of configuration rules to
determine what kind of access the user is to be granted.
OPTIONS
-c COMMAND
Execute COMMAND.
-C, --security-check=CHECK
Add or remove configuration security check. The argument is one of the following:
all Enable all checks.
owner Check if the file is owned by root.
iwgrp, groupwritablefile
Check if the file is not group writable.
iwoth, worldwritablefile
Check if the file is not world writable.
dir_iwgrp, groupwritabledir
Check if the directory where the file resides is not group writable.
dir_iwoth, worldwritabledir
Check if the directory where the file resides is not world writable.
link Check if the file is not a symbolic link to a file residing in a group or
world writable directory.
-d, --debug=NUMBER
Set debugging level. The greater is the NUMBER, the more verbose is the logging.
The debugging information is reported via syslog(3) using authpriv, priority debug.
Maximum meaningful value for NUMBER is 3.
-D, --dump=ATTR[,ATTR...]
Request dump mode. Arguments are the names of the attributes to be dumped, or the
word all standing for all attributes. Refer to the GNU Rush manual for a detailed
description.
-i Emulate interactive access. Use this option to test whether and how does your
configuration allow interactive access.
--show-default
Show default configuration.
-t, --test, --lint
Run in test mode. When this option is given, the following occurs:
1. All diagnostic messages are redirected to standard error, instead of syslog.
2. If a single non-option argument is present, it is taken as a name of the
configuration file to use.
3. The configuration file is parsed. If parsing fails, the program exits with
the code 1.
4. If the -c option is present, rush processes its argument as usual, except
that the command itself is not executed.
-T Test scanner mode. This option is used by the rush testsuite.
-u, --user=NAME
Supplies user name for use with --test.
-x, --trace
Print parser traces. When used twice, print lexical scanner traces as well. This
option is intended for debugging.
SEE ALSO
rush.rc(5), rushlast(1), rushwho(1).
AUTHORS
Sergey Poznyakoff
BUG REPORTS
Report bugs to <bug-rush@gnu.org.ua>.
COPYRIGHT
Copyright © 2016-2019 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it. There is NO WARRANTY,
to the extent permitted by law.