Provided by: rush_2.3-1_amd64
rush - restricted user shell
rush [-htTx] [-C CHECK] [-D ATTR[,ATTR...]] [-c COMMAND] [-d NUMBER] [-i] [-u USER] [--debug NUMBER] [--dump=ATTR[,ATTR...]] [--help] [--show-default] [--trace] [--usage] [--version] [FILE]
This manpage is a short description of GNU rush. For a detailed discussion, including examples and usage recommendations, refer to the manual GNU Rush -- a restricted user shell, available in texinfo format. If the info reader and the rush documentation are properly installed on your system, the command info rush should give you access to the complete manual. You can also view the manual using the info mode in emacs(1), or find it in various formats online at http://www.gnu.org.ua/software/rush/manual If any discrepancies occur between this manpage and the Manual, the later shall be considered the authoritative source.
GNU rush is a restricted user shell, designed for sites that provide limited remote access to their resources, such as svn or git repositories, scp, or the like. Upon startup rush analyzes its command line and examines the set of configuration rules to determine what kind of access the user is to be granted.
-c COMMAND Execute COMMAND. -C, --security-check=CHECK Add or remove configuration security check. The argument is one of the following: all Enable all checks. owner Check if the file is owned by root. iwgrp, groupwritablefile Check if the file is not group writable. iwoth, worldwritablefile Check if the file is not world writable. dir_iwgrp, groupwritabledir Check if the directory where the file resides is not group writable. dir_iwoth, worldwritabledir Check if the directory where the file resides is not world writable. link Check if the file is not a symbolic link to a file residing in a group or world writable directory. -d, --debug=NUMBER Set debugging level. The greater is the NUMBER, the more verbose is the logging. The debugging information is reported via syslog(3) using authpriv, priority debug. Maximum meaningful value for NUMBER is 3. -D, --dump=ATTR[,ATTR...] Request dump mode. Arguments are the names of the attributes to be dumped, or the word all standing for all attributes. Refer to the GNU Rush manual for a detailed description. -i Emulate interactive access. Use this option to test whether and how does your configuration allow interactive access. --show-default Show default configuration. -t, --test, --lint Run in test mode. When this option is given, the following occurs: 1. All diagnostic messages are redirected to standard error, instead of syslog. 2. If a single non-option argument is present, it is taken as a name of the configuration file to use. 3. The configuration file is parsed. If parsing fails, the program exits with the code 1. 4. If the -c option is present, rush processes its argument as usual, except that the command itself is not executed. -T Test scanner mode. This option is used by the rush testsuite. -u, --user=NAME Supplies user name for use with --test. -x, --trace Print parser traces. When used twice, print lexical scanner traces as well. This option is intended for debugging.
Report bugs to <email@example.com>.
Copyright © 2016-2019 Sergey Poznyakoff License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.