GNU Rush – a restricted user shell. (split by node): Section: Back: 3. Quick Start Forward: 4.1 Syntax Chapter: FastBack: 3. Quick Start Up: GNU Rush FastForward: 5. Default Configuration Doc: Contents: Table of Contents Index: Concept Index   ?

4. Configuration File

The configuration file is called ‘rush.rc’ and is located in ‘/usr/local/etc’ by default.(3).

The configuration file is read and parsed right after start up. Any errors occurred in parsing are reported using syslog facility ‘authpriv’ and priority ‘notice’. When run in ‘test’ mode, all diagnostics is displayed on standard error output. See section Test Mode, for a detailed description of ways to debug and test your configurations.

Before parsing, rush checks the ownership and permissions of the configuration file for possible security breaches. The configuration file is considered unsafe if any of the following conditions are met:

  1. It is not owned by root.
  2. It is group writable.
  3. It is world writable.
  4. It resides in a group writable directory.
  5. It resides in a world writable directory.
  6. It is a symbolic link to a file residing in a group or world writable directory.

If the file is considered unsafe, rush rejects it and aborts execution.

Any of these tests can be disabled using the --security-check option (see –security-check).

Footnotes

(3)

The exact location of the configuration file is defined when configuring the package. See the file ‘INSTALL’ in the GNU Rush source directory for more information

This document was generated by Sergey Poznyakoff on October, 27 2009 using texi2html 1.78.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.