Restricted User Shell
GNU Rush is able to operate in two modes, which we call default and
forked. When operating in the default mode, the process image of
rush itself is overwritten by the command being executed.
Thus, when it comes to launching the requested command,
the running instance of
rush ceases to exist.
There is also another operation mode, which we call forked
mode. When running in this mode,
rush executes the
requested command in a subprocess, and remains in memory supervising
its execution. Once the command terminates,
One advantage of the forked mode is that it allows you to keep
accounting, i.e. to note who is doing what and to keep a
history of invocations. The accounting, in turn, can be used to limit
simultaneous executions of commands (logins, in
GNU Rush terminology), as requested by ‘L’ command to
statement (see L limit).
The forked mode is enabled on a per-rule basis, for rules that
contain either ‘L’ command in the
limit statement, or
‘acct on’ command:
Turn accounting mode on or off, depending on bool. The argument can be one of the following: ‘yes’, ‘on’, ‘t’, ‘true’, or ‘1’, to enable accounting, and ‘no’, ‘off’, ‘nil’, ‘false’, ‘0’, to disable it.
Notice, that there is no need in explicit
acct on command, if
The notion ‘rule contains’, used above, means that either the rule in question contains that statement, or inherits it from one of the fall-through rules (see Fall-through) that were matched before it. In fact, in most cases the accounting should affect all rules, therefore we suggest to enable it in a fall-through rule at the beginning of the configuration file, e.g.:
rule default acct on fall-through
If the need be, you can disable it for some of the subsequent rules by
acct off in it. Notice, that this will disable
accounting only, the forked mode will remain in action. To disable it
as well and enforce default mode for a given rule, use the following
Enable or disable forked mode. This statement is mainly designed as a way of disabling the forked mode for a given rule.
Once accounting is enabled, you can use the
to see the list of users presently running some commands
(see Rushwho) and view the history of last accesses using
rushlast command (see Rushlast).
This document was generated on July 12, 2019 using makeinfo.Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.