Provided by: rush_2.3-1_amd64 bug


       rush - restricted user shell


       rush  [-htTx]  [-C  CHECK]  [-D  ATTR[,ATTR...]]  [-c  COMMAND] [-d NUMBER] [-i] [-u USER]
       [--debug NUMBER] [--dump=ATTR[,ATTR...]]  [--help]  [--show-default]  [--trace]  [--usage]
       [--version] [FILE]


       This  manpage  is  a  short description of GNU rush.  For a detailed discussion, including
       examples and usage recommendations, refer to the manual GNU  Rush  --  a  restricted  user
       shell,  available  in  texinfo  format.  If the info reader and the rush documentation are
       properly installed on your system, the command

           info rush

       should give you access to the complete manual.

       You can also view the manual using the info mode  in  emacs(1),  or  find  it  in  various
       formats online at


       If  any  discrepancies  occur  between  this  manpage  and  the Manual, the later shall be
       considered the authoritative source.


       GNU rush is a restricted user shell, designed for sites that provide limited remote access
       to their resources, such as svn or git repositories, scp, or the like.

       Upon startup rush analyzes its command line and examines the set of configuration rules to
       determine what kind of access the user is to be granted.


       -c COMMAND
              Execute COMMAND.

       -C, --security-check=CHECK
              Add or remove configuration security check.  The argument is one of the following:

              all    Enable all checks.

              owner  Check if the file is owned by root.

              iwgrp, groupwritablefile
                     Check if the file is not group writable.

              iwoth, worldwritablefile
                     Check if the file is not world writable.

              dir_iwgrp, groupwritabledir
                     Check if the directory where the file resides is not group writable.

              dir_iwoth, worldwritabledir
                     Check if the directory where the file resides is not world writable.

              link   Check if the file is not a symbolic link to a file residing in  a  group  or
                     world writable directory.

       -d, --debug=NUMBER
              Set  debugging  level.  The greater is the NUMBER, the more verbose is the logging.
              The debugging information is reported via syslog(3) using authpriv, priority debug.
              Maximum meaningful value for NUMBER is 3.

       -D, --dump=ATTR[,ATTR...]
              Request  dump mode.  Arguments are the names of the attributes to be dumped, or the
              word all standing for all attributes.  Refer to the GNU Rush manual for a  detailed

       -i     Emulate  interactive  access.   Use  this  option to test whether and how does your
              configuration allow interactive access.

              Show default configuration.

       -t, --test, --lint
              Run in test mode.  When this option is given, the following occurs:

              1.     All diagnostic messages are redirected to standard error, instead of syslog.

              2.     If a single non-option argument is present, it is taken as  a  name  of  the
                     configuration file to use.

              3.     The  configuration file is parsed.  If parsing fails, the program exits with
                     the code 1.

              4.     If the -c option is present, rush processes its argument  as  usual,  except
                     that the command itself is not executed.

       -T     Test scanner mode.  This option is used by the rush testsuite.

       -u, --user=NAME
              Supplies user name for use with --test.

       -x, --trace
              Print  parser traces.  When used twice, print lexical scanner traces as well.  This
              option is intended for debugging.


       rush.rc(5), rushlast(1), rushwho(1).


       Sergey Poznyakoff


       Report bugs to <>.


       Copyright © 2016-2019 Sergey Poznyakoff
       License GPLv3+: GNU GPL version 3 or later <>
       This is free software: you are free to change and redistribute it.  There is NO  WARRANTY,
       to the extent permitted by law.