GNU Rush – a restricted user shell (split by node):   Section:   Chapter:FastBack: Configuration File   Up: Rule   FastForward: Default Configuration   Contents: Table of ContentsIndex: Concept Index

4.2.9 Interactive Access

Sometimes it may be necessary to allow some group of users limited access to interactive shells. GNU Rush contains provisions for such usage. When rush is invoked without -c it assumes interactive usage. In this case only rules explicitly marked as interactive are considered, the rest of rules is ignored.

Rule Config: interactive

This statement marks the rule it appears in as interactive. This rule will match only if rush is invoked without command line arguments.

Unless command line transformations are applied, interactive rule finishes by executing /bin/sh. The first word in the command line (argv[0]) is normally set to the basename of the command being executed prefixed by a dash sign.

Consider the following example:

rule login
  interactive
  group rshell
  map[^] /etc/rush.shell : ${user} 1 2
  transform[0] ${program} s,^,-r,

rule nologin
  interactive
  exit You don't have interactive access to this machine.

The ‘login’ rule will match interactive user requests if the user is a member of the group ‘rshell’. It uses /etc/rush.shell to select a shell to use for that user (see map). This map file consists of two fields, separated by a colon. If the shell is found, its base name, prefixed with ‘-r’, will be used as ‘argv[0]’ (this indicates a restricted login shell). Otherwise, the trap rule ‘nologin’ will be matched, which will output the given diagnostics message and terminate rush.

To test interactive access, use the -i option:

rush --test -i 

GNU Rush – a restricted user shell (split by node):   Section:   Chapter:FastBack: Configuration File   Up: Rule   FastForward: Default Configuration   Contents: Table of ContentsIndex: Concept Index