Restricted User Shell
A fall-through rule is a special rule that does not execute the
requested command. When a matching fall-through rule is encountered,
rush evaluates it and continues scanning its configuration
for the next matching rule. Any transformation and
actions found in the fall-through rule take effect immediately, which
means that subsequent rules will see modified command line and
environment. Execution of any other actions found in the fall-through rule
is delayed until a usual rule is found.
A fall-through rule is declared using the following statement:
Declare a fall-through rule.
Usually this statement is placed as the last statement in a rule, e.g.:
rule default umask 002 env - HOME USERNAME PATH fall-through
Fall-through rules provide a way to set default values for subsequent rules. For example, any rules that follow the ‘default’ rule shown above, will inherit the umask and environment set there.
One can also use fall-through rules to “normalize” command lines. For example, consider this rule:
rule default transform s|.*/||; fall-through
It will remove all path components from the first command line argument. As a result, all subsequent rules may expect a bare binary name as the first argument.
Yet another common use for such rules is to enable accounting (see the next subsection), or set resource limits for the rest of rules:
rule default limit l1 fall-through
This document was generated on October 1, 2016 using makeinfo.Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.