GNU Rush – a restricted user shell

4.2.8 Exit rule

An exit rule does not execute any commands. Instead, it writes the supplied error message to the specified file descriptor and exits immediately. An exit rule is defined using the following statement:

Rule Config: exit fd message
Rule Config: exit message

Write textual message message to a file descriptor, given by the optional argument fd. If fd is absent, ‘2’ (standard error) is used.

The message argument is subject to backslash interpretation (see Table 4.1).

For example (note the use of the line continuation character):

exit \
    \r\nYou are not allowed to execute that command.\r\n\
    \r\nIf you think this is wrong, ask <foo@bar.com> for assistance.\r\n

If message begins with a ‘@’ sign, the remaining characters are treated as the name of a predefined error message (see Error Messages). The corresponding message text is retrieved and used instead of message. For example:

  exit @nologin-message

If the characters after ‘@’ do not correspond to any predefined error message name, an error of type ‘config-error’ is signaled and rush exits.

If you need to begin your exit message with a ‘@’ sign, duplicate it, as in this example:

  exit @@Special error message

This example will produce ‘@Special error message’.

Exit actions are useful for writing trap rules, i.e. the rules that are intended to trap incorrect or prohibited command lines and to return customized reply messages in such cases. Consider the following rule:

rule git
  command ^git-.+
  match[1] ^/sources/[^ ]+\.git$
  transform s|.*|/usr/bin/git-shell -c "&"|

It allows the use of only those Git repositories that are located under the /sources directory (6). If a user tries to access a repository outside this root, the default error message is returned, saying ‘You are not permitted to execute this command’ (see usage-error). You can, however, provide a more convenient message in this case. To do so, place the following after the ‘git’ rule:

rule git-trap
  command ^git-.+
  exit fatal: Use of this repository is prohibited.

This rule will trap all git invocations that do not match the ‘git’ rule.
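The following is an added example, not code from GNU Rush: a simplified Python model of how the ‘git’ and ‘git-trap’ rules above interact when evaluated in order, together with the ‘@’ and ‘@@’ handling of the exit argument. It assumes first-match rule evaluation, shell-like word splitting, and that a leading numeric word is the fd; the table contents and the names resolve_exit and evaluate are hypothetical, and backslash interpretation and the transform are not modeled.

```python
import re
import shlex

# Constructed stand-in for rush's predefined messages; only the name
# "nologin-message" appears on the page, the text is a placeholder.
PREDEFINED = {"nologin-message": "<nologin-message text>"}

class ConfigError(Exception):
    """Models the 'config-error' condition described above."""

def resolve_exit(arg):
    """Return (fd, text) for the argument of an 'exit' statement."""
    fd = 2                                   # default: standard error
    head, _, rest = arg.partition(" ")
    if head.isdigit() and rest:              # assumption: numeric first word is fd
        fd, arg = int(head), rest
    if arg.startswith("@@"):                 # '@@' yields a literal leading '@'
        return fd, arg[1:]
    if arg.startswith("@"):                  # '@name' selects a predefined message
        if arg[1:] not in PREDEFINED:
            raise ConfigError(arg[1:])
        return fd, PREDEFINED[arg[1:]]
    return fd, arg

# The two rules from this page, in configuration order.
RULES = [
    {"name": "git", "command": r"^git-.+",
     "match1": r"^/sources/[^ ]+\.git$"},
    {"name": "git-trap", "command": r"^git-.+",
     "exit": "fatal: Use of this repository is prohibited."},
]

def evaluate(cmdline, rules=RULES):
    """Return (rule, action, detail) for the first rule whose conditions all match."""
    argv = shlex.split(cmdline)              # assumption: shell-like word splitting
    for rule in rules:
        if not re.search(rule["command"], cmdline):
            continue
        if "match1" in rule and not (
                len(argv) > 1 and re.search(rule["match1"], argv[1])):
            continue                         # condition failed: try the next rule
        if "exit" in rule:
            return rule["name"], "exit", resolve_exit(rule["exit"])
        return rule["name"], "run", cmdline  # transform step not modeled
    return None, "deny", None                # no rule matched: default error applies
```

Reversing the rule list makes ‘git-trap’ match every git command first, which is why the trap rule has to be placed after the ‘git’ rule.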

Footnotes

(6)

See git, for a better way to handle Git accesses.
