Provided by: rush_2.3-1_amd64 
NAME
rush.rc - configuration rules for remote user shell
DESCRIPTION
The file /etc/rush.rc contains a set of rules that the rush(8) shell uses in order to
determine whether the user is allowed to execute the requested command and to set up the
environment for its execution.
Empty lines are ignored. Lines beginning with a pound sign are comments and are ignored
as well.
Except for comments and empty lines, each line of the configuration file consists of the
keyword and optional value, and constitutes a statement. Exceedingly long lines may be
split across multiple physical lines, by ending each line with a backslash immediately
followed by a newline. Statements fall into two major classes: section and regular
statements. A section statement serves as a container for one or more regular statements
that pursue the same goal, thus playing the role of a chapter in a book. A regular
statement modifies a certain aspect of the program's behavior.
The overall file structure is as follows:
rush 2.0
global
keyword value
...
rule A
keyword value
...
rule B
keyword value
...
A configuration file must begin with a rush statement indicating the version of the syntax
this file uses. Current versions of rush implement syntax version 2.0. In the absence of
the initial rush statement, the program will treat the configuration file as written in
legacy configuration syntax (see http://www.gnu.org.ua/software/rush/manual/1.x for
details).
There are two section statements: global and rule. The global section contains statements
configuring the behavior of the program in general. There can be as many global
statements in the configuration as you consider necessary, each of them affecting the
material up to the next global statement, or end of the file, whichever occurs first.
Examples of statements that can be used in a global section are: debug, which sets the
debug verbosity level, message, which configures error messages, etc. See the global
section for the full list.
One or more rule statements constitute the core of the configuration. Each rule statement
provides a recipe for serving a specific class of input commands. When rush is invoked
with a specific command, it will scan the configuration file looking for a rule that
matches the requested command line. If such a rule is found, it will be applied.
Commands that don't match any rule will be rejected.
A rule statement may be followed by a tag, an arbitrary sequence of non-whitespace
characters serving as a label for this rule. This sequence will be used in diagnostic
messages to identify this rule. In the absence of user-supplied tag, the default one will
be generated, consisting of the # symbol followed by the ordinal number of the rule in the
configuration file (started with 1).
To match a particular command, each rule should contain the match statement. Its argument
is a conditional expression that can contain comparison and boolean operators. The
operands can refer to the command line using shell-like variables: $command to refer to
the entire command line, $#, referring to the number of arguments in the command line (the
command itself being counted as one of the arguments), $0 meaning the command name, and
$1, $2, etc., referring to the particular command line arguments (arguments past the ninth
one can be accessed as, e.g. ${10}). For example, the following rule:
rule
match $command == "ls"
will match only the ls command without arguments.
The ~ (tilde) operator denotes regular expression matching. For example, the following
rule matches ls command, optionally preceded with any path prefix:
rule
match $0 ~ "^(.*/)?ls$"
Match expressions can contain terms of arbitrary complexity. Consider the following
example:
rule
match $0 ~ "^(.*/)?ls$" && $# == 2 \
&& $1 !~ "^(/|/etc)$"
This rule will match any ls command having exactly one argument, unless that argument is /
or /etc. Notice the use of the !~ operator to denote the negated regular expression
matching, and the use of backslash to split a single expression across two physical lines.
Variables are referenced using the same syntax as in shell. For example, ${1:-/bin}
expands to the value of the first parameter, if it is supplied, or to the string "/bin"
otherwise. For details. see the section REFERENCE: VARIABLE EXPANSION.
Although important, the match statement is not mandatory in a rule statement. If it is
absent, the rule will match any command line. This is normally used in fall-through
rules. A fall-through rule applies modifications to the command environment. After
applying such rule, the scanning resumes at the rule that follows it. Fall-through rules
are marked with the fall-through statement.
set
A rule can modify the command line and environment in which it will be executed. The set
statement is provided for altering the command line or its parts. It takes three
arguments: the variable name or index, the operator and the value. For example, the
statement:
set command = "/bin/sftp-server -u 002"
replaces the entire command line. To replace particular arguments, use the [N] syntax,
where N is the index of the argument in the command line. For example, to set the first
argument:
set [1] = "/tmp"
The part to the right of the equals sign can contain a transformation, i.e. a string
followed by the ~ operand and a s-expression of the form s/regexp/replacement/[flags].
Parenthesized groups in regexp can be referred to in replacement using the backreference
construct \N, where N is the 1-based ordinal number of the group. For example, the
following statement sets the second argument to the directory part of the first one:
set [2] = "$1" ~ "s/(.*)\\//\\1/"
Two points are worth noticing. First, the left operand of ~ undergoes variable expansion.
Secondly, the right-hand side operand is quoted and therefore each backslash in it has to
be escaped.
The special operator =~ is used if the resulted value is assigned to the same variable
that served as its argument. For example, the two statements below are equivalent:
set [1] =~ "s/(.*)\\//\\1/"
set [1] = "$1" ~ "s/(.*)\\//\\1/"
Parenthesized groups matched by the most recent set statement remain available for use in
the statements that follow it in the rule. To refer to the group from the recent
matching, use the following construct: %N. For example, the following two statements set
the first argument to the directory part, and second argument to the base name of the
original $1 value:
set [1] =~ "s/(.*)\\/(.*)/\\1/"
set [2] = %2
The set statement operates not only on positional arguments and built-in variables, but
also on arbitrary user-defined variables. A user-defined variable springs into existence
when it first appears as a left-hand side argument to the set statement. The name of the
variable must follow the usual rules for variable names: it must begin with an
alphabetical character or underscore and contain only letters, digits and underscores.
References to user-defined variables follow the same syntax as for built-in ones.
The following example uses temporary variable temp to swap two arguments:
set temp = $1
set [1] = $2
set [2] = $temp
unset
Variable definitions can be removed using the unset statement. It takes variable name or
positional argument index as its argument:
unset temp
When index is given, the corresponding positional argument is removed and all arguments to
the right of it are shifted one position left to occupy the released slot. For example,
given the command line
scp -d -v -t /incoming
the statement
unset 1
will reduce it to
scp -v -t /incoming
delete
The delete statement provides a generalization of unset for positional arguments. It
takes one or two argument indexes as arguments. When used with one index, it provides the
same functionality as unset. When two indices are given, it deletes all arguments between
those indices (inclusive). For example, the statement
delete 1 2
will change the command line from the above example to
scp -t /incoming
Using negative indices, one can indicate arguments counting from right to left. Thus, the
following will delete all arguments starting from the third:
delete 3 -1
remopt
Whereas delete and unset remove arguments at given positions, the remopt statement allows
you to remove specific command line options from the command line. This is useful to
ensure no potentially harmful options can be passed by the user. The statement takes one
or two arguments. First argument supplies the short option letter. For example, the
following removes all occurrences of the -A option:
remopt A
If there is a long-option equivalent, it can be supplied as the second argument. For
example, if --all is an alias for -A, the above statement would be rewritten as:
remopt A all
Notice, that the initial dash or double-dash is omitted from both the short and long
option designation.
When looking for long option in the command line, remopt will recognize its possible
abbreviations. In the example above, eventual occurrences of --al will be removed as
well.
If the option takes an argument, follow the first argument by a colon. For example, to
remove occurrences of the options -r along with its arguments write
remopt r:
The long option equivalent can be specified as well, e.g.:
remopt r: root
This will recognize all possible ways of option usage in the command line, such as: -r
ARG, -rARG, --root=ARG, or --root ARG. -afr ARG In each case, both the option and its
argument will be removed, so that the modified command line will remain valid. Short
option appearing in a cluster will be recognized, .e.g -afr ARG will be replaced by -af.
Finally, if the option takes an optional argument, follow its short letter by two colons,
as in:
remopt r:: root
insert
Arguments can also be inserted at arbitrary positions. The insert statement is provided
for this purpose. Its syntax is similar to set:
insert [N] = value
and
insert [N] = value ~ s/regex/replace/
where N is the position where to insert the new argument. All arguments starting from Nth
will be shifted one position to the right, and the value will be stored in the Nth slot.
In the second form, the value to be inserted is computed by applying the replacement
expression to value.
REFERENCE: LEXICAL STRUCTURE
A statement consists of a keyword and arguments, separated by any amount of whitespace.
Arguments can be one of the following:
Identifiers
Identifiers begin with a letter and consist of letters, digits, underscores and
dashes. They serve as keywords and variable names.
Decimal numbers
A sequence of decimal digits, optionally preceded by a minus or plus sign.
Unquoted strings
An unquoted string is any contiguous sequence of any characters, except newlines,
whitespace and the following special characters: \, ", !, =, <, >, (, ), {, }, [,
], $, %, &, |, ~, #.
Quoted strings
A quoted string is a sequence of characters enclosed in double-quotes. Quoted
strings are subject to backslash interpretation, backreference interpretation and
variable expansion.
During backslash interpretation, the escape sequences are recognized and replaced
as per table below:
Sequence Replaced with
\a Audible bell character (ASCII 7)
\b Backspace character (ASCII 8)
\f Form-feed character (ASCII 12)
\n Newline character (ASCII 10)
\r Carriage return character (ASCII 13)
\t Horizontal tabulation character (ASCII 9)
\v Vertical tabulation character (ASCII 11)
\\ A single backslash
\" A double-quote.
\% Percent sign
In addition, the sequence \newline is removed from the string. This allows one to
split long strings over several physical lines.
During the backreference interpretation, references to parenthesized groups in
regular expression are replaced with the actual content of the corresponding group
in the most recently matched string. A reference is %{N} where N is a decimal
number. If N is one digit, curly braces can be omitted: %N If the % character
resulted from previous backslash interpretation, no backreference interpretation
occurs.
Strings used in the left-hand side of a comparison expression are subject to
variable expansion. This is discussed later.
Backreferences
The construct %{N} is replaced with the substring that matched the Nth
parenthesized subgroup in a most recently performed regular expression match. If N
is one digit, curly braces can be omitted.
Variable references
Variable references consist of a $ sign, followed by the positional argument number
or variable name, optionally enclosed in curly braces. Positional arguments
greater than 9 must be enclosed in curly braces. The variable name must follow the
rules for valid identifiers: it must begin with a letter and consist of letters,
digits and underscores. Variable name in curly braces can be followed by -, =, ?,
or +, optionally preceded by : as summarized in the table below:
Reference Meaning
${VAR:-WORD} Use Default Values
${VAR:=WORD} Assign Default Values
${VAR:?WORD} Display Error if Null or Unset
${VAR:+WORD} Use Alternate Value
where WORD stands for any valid token as described in this section. See the
section REFERENCE: VARIABLE EXPANSION, for a detailed discussion of these forms and
their meaning.
Comparison and boolean operators
&& Boolean AND
|| Boolean OR
! Boolean negation
== Equality (string or numeric)
!= Inequality (string or numeric)
< Less than
<= Less than or equal to
> Greater than
>= Greater than or equal to
~ Regexp matching
!~ Negated regexp matching
in Membership in set of strings
group Membership in UNIX group
= Assignment
=~ Regular expression substitution
REFERENCE: VARIABLE EXPANSION
Most statements in the configuration file undergo variable expansion prior to their use.
During variable expansion, references to variables in the string are replaced with their
actual values. A variable reference has two basic forms:
$V
${V}
where V is either the name of the variable (request, environment, or user-defined), or the
index of the positional variable. The notation in curly braces serves several purposes.
First, it is obligatory if V is an index of the positional variable that is negative or
greater than 9. Secondly, it should be used if the variable reference is immediately
followed by an alphanumeric symbol, which will otherwise be considered part of it (as in
${home}dir). Finally, this form allows for specifying the action to take if the variable
is undefined or expands to an empty value.
The following special forms are recognized:
${VARIABLE:-WORD}
Use Default Values. If VARIABLE is unset or null, the expansion of WORD is
substituted. Otherwise, the value of VARIABLE is substituted.
${VARIABLE:=WORD}
Assign Default Values. If VARIABLE is unset or null, the expansion of WORD is
assigned to the variable. The value of VARIABLE is then substituted.
${VARIABLE:?WORD}
Display Error if Null or Unset. If VARIABLE is null or unset, the expansion of
WORD (or a message to that effect if WORD is not present) is output to the current
logging channel. Otherwise, the value of VARIABLE is substituted.
${VARIABLE:+WORD}
Use Alternate Value. If VARIABLE is null or unset, nothing is substituted,
otherwise the expansion of WORD is substituted.
REFERENCE: STATEMENTS
There are three global statements, two of which can contain multiple substatements:
rush 2.0
Declares the version of the syntax this configuration file is written in. This
must be the first statement in the configuration file. If this statement is
missing, the configuration file will be treated as legacy configuration file from
previous versions of GNU rush. For the discussion of the legacy configuration
file, please refer to http://www.gnu.org.ua/software/rush/manual/1.x.
global Defines global settings.
rule [TAG]
Contains a set of rules for a certain class of input command lines.
global
Introduces global settings. This statement is followed by one or more substatements.
Global settings end at the nearest rule statement that follows. They remain in effect
until the next global statement is encountered which alters them.
The following statements may appear in this section.
expand-undefined BOOL
Controls how undefined variables are expanded. If BOOL is true, references to
undefined variables are replaced with empty values. If it is false (the default),
an error message is issued and program terminates.
Any of the following values can be used as a synonym for true: yes, on, t, 1.
The following values can be used as synonyms for false: no, off, nil, 0.
debug NUM
Set debugging level. The bigger NUM is, the more verbose is the logging. The
debugging information is reported via syslog at facility authpriv, priority debug.
sleep-time NUM
Set the time in seconds to sleep before exiting on error. This statement is
intended as a measure against brute-force attacks. Default sleep time is 5
seconds.
message CLASS TEXT
Define a textual message which is returned to the remote party if an error of the
given CLASS occurs. Valid classes are:
usage-error
This error is reported when rush has been invoked improperly. The default text
is:
"You are not permitted to execute this command."
nologin-error
A message which is returned if there is no such user name in the password
database. Defaults to:
"You are not permitted to execute this command."
config-error
Define a textual message which is returned if the configuration file contained
errors. Default is:
"Local configuration error occurred."
system-error
Define a textual message which is returned if a system error occurs. Default
is:
"A system error occurred while attempting to execute command."
regexp FLAG [FLAG...]
Configure the type of regular expressions to be used by subsequent match, set, and
insert statements. Each FLAG is a word specifying a regular expression feature.
It can be preceded by a plus sing to enable this feature (this is the default), or
by the minus sign to disable it. Valid flags are:
extended
Use POSIX Extended Regular Expression syntax when interpreting regex. This is
the default.
basic Use basic regular expressions. Equivalent to -extended.
icase or ignore-case
Do not differentiate case. Subsequent regex matches will be case insensitive.
include-security FLAG [FLAG...]
Configure the security checks for include files. Valid flags are:
all Enable all checks.
owner The file must be owned by root.
iwgrp or groupwritablefile
Forbid group writable files.
iwoth or worldwritablefile
Forbid world writable files.
dir_iwgrp or groupwritabledir
Forbid files that reside in group writable directories.
dir_iwoth or worldwritabledir
Forbid files that reside in world writable directories.
link Forbid symbolic links to files residing in group or world writable directories.
Each of the above keywords can be prefixed by no, which reverses its meaning. The special
keyword none disables all checks.
acct-umask MASK
Set umask used when accessing accounting database files. Default value is 022.
acct-dir-mode MODE
Set mode bits for the accounting directory. The argument is the mode in octal.
acct-file-mode MODE
Set mode bits for the wtmp and utmp files.
rule
Defines a rule. This is a block statement, which means that all statements located
between it and the next rule statement (or end of file, whichever occurs first) modify the
definition of that rule.
The syntax is:
rule TAG
Optional TAG argument supplies the identifier for that rule. It is used in diagnostic
messages. If tag is missing, rush will supply a default one, which is constructed by
concatenating the # character and the ordinal number of rule in the configuration file, in
decimal notation. Rule numbering starts from 1.
A rule can contain the following statements:
match EXPR
Defines conditions that decide whether the rule matches the particular request.
The EXPR argument is a comparison expression. It can be a simple comparison
expression or a boolean expression involving several other expressions.
A simple expression is either a comparison or a membership test. A comparison has
the general syntax
lhs op rhs
where lhs and rhs are operands and op is the operation. The lhs is either a string
(quoted or unquoted), or a variable reference. The rhs is a string or number.
Prior to evaluating simple expression, its LHS undergoes variable expansion. In
contrast, the RHS operand is always treated verbatim.
The comparison operator OP is one of the following:
== Equality (string or numeric)
!= Inequality (string or numeric)
< Less than
<= Less than or equal to
> Greater than
>= Greater than or equal to
~ Regexp matching
!~ Negated regexp matching
Two membership tests are available. The in test has the form
LHS in ( STRING ... )
and evaluates to true if LHS matches one of the strings in parentheses. LHS
undergoes variable expansion and backreference interpretation prior to comparison.
The group test has the following syntax:
group GRP
It returns true if the requesting user is a member of the group GRP. Several
groups can be given in parentheses:
group (GRP ...)
in which case the test return true if the user is a member of at least one of the
mentioned groups.
Compound boolean expression combine one or more expressions using logical operators
&& Boolean AND
|| Boolean OR
! Boolean negation
set NAME = VALUE
Sets the variable NAME to VALUE, which undergoes backreference interpretation and
variable expansion.
set [N] = VALUE
Sets the command line argument N to VALUE
set NAME = VALUE ~ S-EXPR
Applies the sed(1)-like search-and-replace expression S-EXPR to VALUE and assigns
the result to the variable NAME. Both VALUE and S-EXPR are subject to variable
expansion and backreference interpretation.
set [N] = VALUE ~ S-EXPR
Similar to the above, but assigns the result to the Nth command line argument.
set NAME =~ S-EXPR
This is a shortcut for
set NAME = $NAME ~ S-EXPR
i.e. it applies the search-and-replace expression S-EXPR to the current value of
the variable NAME and stores the resulting string as its new value.
set [N] =~ S-EXPR
A shortcut for
set [N] = $N ~ S-EXPR
The S-EXPR, is a sed replace expression of the form:
s/REGEXP/REPLACE/[FLAGS]
where REGEXP is a regular expression, REPLACE is a replacement for each part of the input
that matches REGEXP and optional FLAGS are flag letters that control the substitution.
Both REGEXP and REPLACE are described in sed(1).
As in sed, you can give several replace expressions, separated by semicolons.
The supported FLAGS are:
g Apply the replacement to all matches to the REGEXP, not just the first.
i Use case-insensitive matching.
x REGEXP is an extended regular expression.
NUMBER Only replace the NUMBERth match of the REGEXP.
Notice, that the POSIX standard does not specify what should happen when you mix the g and
NUMBER modifiers. Rush follows the GNU sed implementation in this regard, so the
interaction is defined to be: ignore matches before the NUMBERth, and then match and
replace all matches from the NUMBERth on.
Also notice, that usually S-EXPR is a quoted string, and as such it is subject to
backslash interpretation. It is therefore important to properly escape backslashes,
especially in the REPLACE part. E.g.
set bindir = $program ~ "s/(.*)\\//\\1/"
insert [N] = VALUE
Shift command line arguments starting from the Nth one position to the right and
store VALUE in the Nth slot. VALUE is subject to variable expansion and
backreference interpretation.
insert [N] = VALUE ~ S-EXPR
Shift command line arguments starting from the Nth one position to the right, apply
S-EXPR to VALUE and store the result in the Nth slot. Both S-EXPR and VALUE are
subject to variable expansion and backreference interpretation.
unset NAME
Unset the variable NAME.
unset N
Unset the positional argument N (an integer number greater than 0), shifting the
remaining arguments one position left. This is the same as delete N.
remopt SOPT
Remove from the command line all occurrences of the short option described by SOPT.
The SOPT argument is the short option letter, optionally followed by a colon if
that option takes a mandatory argument, or by two colons if it takes an optional
argument.
remopt SOPT LOPT
Same as the above. LOPT supplies the long option equivalent for the short option
described by SOPT.
delete N
Delete Nth argument.
delete I J
Delete arguments between I and J, inclusive.
map NAME FILE DELIM KEY KN VN
This statement uses file lookup to find a new value for the variable NAME. The
FILE argument supplies the name of the map file. It must begin with / or ~/.
Before use, the file permissions and ownership are checked using the criteria
supplied in the include-security statement (see the global section).
The map file consists of records, separated by newline characters. Each record, in
turn, consists of fields, separated by characters listed in the DELIM argument. If
it contains a space character, then fields may be delimited by any amount of
whitespace characters (spaces and/or tabulations). Otherwise, exactly one
character delimits fields. Fields within a record are numbered starting from 1.
The map action operates as follows. First, variable expansion and backreference
interpretation is performed on the KEY argument. The result will be used as actual
lookup key. Then, FILE is scanned for a record whose KNth field matches the lookup
key. If such a record is found, the value of its VNth field is assigned to the
variable. Otherwise, if DEFAULT is supplied, it is assigned to the variable.
Otherwise, the variable remains unchanged.
map [N] FILE DELIM KEY KN VN DEFAULT
Same as above, but the result of the lookup is assigned to Nth argument.
The following statements modify command execution environment:
clrenv Clear the environment.
keepenv NAME ...
Retain the listed variables. This statement should be used in conjunction with
clrenv.
Argument is a whitespace delimited list of variables to retain. Each element in
the list can be either a variable name, or a shell-style globbing pattern, in which
case all variables matching that pattern will be retained, or a variable name
followed by an equals sign and a value, in which case it will be retained only if
its actual value equals the supplied one. For example, to retain only variables
with names beginning with 'LC_':
keepenv "LC_*"
setenv NAME = VALUE
Set the environment variable NAME. The VALUE argument is subject to variable
expansion and backreference interpretation.
For example, to modify the 'PATH' value:
setenv PATH = "$PATH:/opt/bin"
unsetenv NAME ...
Unset environment variables. See keepenv for a discussion of arguments.
evalenv STRING
Performs backslash interpretation, backreference interpretation and variable
expansion on STRING and discards the result. This statement is similar to the
shell's "colon" statement.
The following statements are system actions. They provide interface to the operating
system.
umask MASK
Set the umask. The MASK must be an octal value not greater than 0777. The default
umask is 022.
newgrp GROUP-ID
Change the current group ID to GROUP-ID, which is either a numeric value or a name
of an existing group.
newgroup GROUP-ID
Alias to the above.
chroot DIR
Change the root directory to DIR. The argument is subject to tilde and variable
expansions and backreference interpretation. During tilde expansion, a tilde at
the start of string is replaced with the absolute pathname of the user's home
directory.
chdir DIR
Change to the directory DIR. The argument is subject to tilde and variable
expansions and backreference interpretation. If both chdir and chroot are
specified, chroot is applied first.
limits RES
Impose limits on system resources, as defined by RES. The argument consists of
commands, optionally separated by any amount of whitespace. A command is a single
command letter followed by a number, that specifies the limit. The command letters
are case-insensitive and coincide with those used by the shell ulimit utility:
A max address space (KB)
C max core file size (KB)
D max data size (KB)
F maximum file size (KB)
M max locked-in-memory address space (KB)
N max number of open files
R max resident set size (KB)
S max stack size (KB)
T max CPU time (MIN)
U max number of processes
L max number of logins for this user (see below)
P process priority -20..20 (negative = high priority)
If some limit cannot be set, execution of the rule aborts. In particular, the L limit can
be regarded as a condition, rather than an action. Setting limit L5 succeeds only if no
more than 5 rush instances are simultaneously running for the same user. This can be used
to limit the number of simultaneously open sessions.
The use of L resource automatically enables forked mode. See the subsection Accounting
and forked mode for details.
fall-through or fallthrough
Declare a fall-through rule. After evaluating such a rule, rush continues rule
matching process from the next rule in the configuration. Any modifications to the
request found in the fall-through rule take effect immediately, which means that
subsequent rules will see modified command line and environment. Execution of any
other actions found in the fall-through rule is delayed until a matching rule is
found.
Fall-through rules are often used to set default values for subsequent rules.
Accounting and forked mode
GNU rush is able to operate in two modes, which we call default and forked. When
operating in the default mode, the process image of rush itself is overwritten by the
command being executed. Thus, when it comes to launching the requested command, the
running instance of rush ceases to exist.
There is also another operation mode, which we call forked mode. When running in this
mode, rush executes the requested command in a subprocess, and remains in memory
supervising its execution. Once the command terminates, rush exits.
One advantage of the forked mode is that it allows you to keep accounting, i.e. to note
who is doing what and to keep a history of invocations. The accounting, in turn, can be
used to limit simultaneous executions of commands, as requested by the L command to limit
statement (see above).
acct BOOL
Turn accounting mode on or off, depending on BOOL. The argument can be one of the
following: yes, on, t, true, or 1, to enable accounting, and no, off, nil, false,
0, to disable it.
fork BOOL
Enable or disable forked mode. See acct for a description of BOOL. Enabling
accounting turns the fork mode as well. This statement is mainly designed as a way
of disabling the forked mode for a given rule.
Post-process notification
Rush can be configured to send a notification over INET or UNIX sockets, after completing
user request. It is done using the following statement:
post-socket URL
Notify URL about completing the user request. This statement implies forked mode.
Allowed formats for URL are:
inet://HOSTNAME[:PORT]
Connect to remote host HOSTNAME using TCP/IP. HOSTNAME is the host name or IP
address of the remote machine. Optional PORT specifies the port number to connect
to. It can be either a decimal port number or a service name from /etc/services.
If PORT is absent, tcpmux (port 1) is assumed.
unix://FILENAME or local://FILENAME
Connect to a UNIX socket FILENAME.
The notification protocol is based on TCPMUX (RFC 1078). After establishing connection,
rush sends the rule tag followed by a CRLF pair. The rule tag acts as a service name.
The remote party replies with a single character indicating positive (+) or negative (-)
acknowledgment, optionally followed by a message of explanation, and terminated with a
CRLF.
If positive acknowledgment is received, rush sends a single line, consisting of the user
name and the executed command line, separated by a single space character. The line is
terminated with a CRLF.
After sending this line, rush closes the connection.
The post-process notification feature can be used to schedule execution of some actions
after certain rules.
Exit rule
exit FD TEXT
Write textual message TEXT to file descriptor FD.
exit TEXT
Write textual message TEXT to standard error. Similar to
exit 2 TEXT
In both cases the TEXT argument can be either a quoted string, or an identifier.
If it is a quoted string, it is subject to backreference interpretation and variable
expansion.
If TEXT is an identifier, it must be the name of a predefined error message (see the list
in the discussion of the message statement in global section, above).
Interactive access
Sometimes it may be necessary to allow some group of users limited access to interactive
shells. GNU rush contains provisions for such usage. When it is invoked without '-c' it
assumes interactive usage. In this case only rules explicitly marked as interactive are
considered, the rest of rules is ignored.
interactive BOOL
If BOOL is true (see the acct statement above for allowed values), this statement
marks the rule it appears in as interactive. This rule will match only if rush is
invoked without command line arguments.
Unless command line transformations are applied, interactive rule finishes by executing
/bin/sh. The first word in the command line (argv[0]) is normally set to the base name of
the command being executed prefixed by a minus character.
An example
rule login
interactive true
group rshell
map program /etc/rush.shell : ${user} 1 2
set [0] = ${program} ~ "s|^.*/||;s,^,-r,"
rule nologin
interactive true
exit You don't have interactive access to this machine.
The login rule will match interactive user requests if the user is a member of the group
rshell. It looks up the shell to use for this in the file /etc/rush.shell. This map file
consists of two fields, separated by a colon. If the shell is found, its base name,
prefixed with -r, will be used as argv[0] (this indicates a restricted login shell).
Otherwise, the trap rule nologin will be matched, which will output the given diagnostics
message and terminate rush.
Localization
The following statement allow you to provide translations (localizations) for the messages
in your rush configuration:
locale NAME
Set the locale name. To specify empty locale, use "" as NAME (recall that empty
locale name means to use the value of the environment variable 'LC_ALL' as locale
name).
locale-dir NAME
Set the name of the locale directory.
text-domain NAME
Set the textual domain name.
An example:
rule l10n
locale "pl_PL"
text-domain "rush-config"
fall-through
include
The include statement forces inclusion of the named file in that file location:
include FILE
The statement is evaluated when parsing the configuration file, which means that FILE
undergoes only tilde expansion: the two characters ~/ appearing at the beginning of file
name are replaced with the full path name of the current user's home directory.
If FILE is a directory, that directory is searched for a file whose name coincides with
the current user name. If such a file is found, it is included.
In any case, if the named file does not exist, no error is reported, and parsing of the
configuration file continues.
Before including the file rush checks if it is secure, using the criteria set in the
include-security statement. See its description in the global section, above.
The include statement can be used only within a rule. The included file may not contain
rule and global statements.
SEE ALSO
rush(8), rushlast(1), rushwho(1).
AUTHORS
Sergey Poznyakoff
BUG REPORTS
Report bugs to <bug-rush@gnu.org.ua>.
COPYRIGHT
Copyright © 2016-2019 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it. There is NO WARRANTY,
to the extent permitted by law.