Restricted User Shell
To give you the feel of GNU Rush possibilities, let’s consider the following configuration file rule:
    rule sftp
      # Conditions:
      command ^.*/sftp-server
      uid >= 100
      # Actions:
      transform s,.*,bin/sftp-server,
      umask 002
      chroot ~
      chdir /
The first clause, rule, defines a new rule. Its argument (sftp in this example) serves as a rule tag, used for diagnostic messages and for accounting.

Lines beginning with ‘#’ are comments; they are intended for a human reader and are ignored by GNU Rush.

The two statements that follow the comment, command and uid, define conditions that must be met for this rule to apply. The command statement introduces a regular expression to match against the command line. In this example, the command line must begin with ‘/sftp-server’, optionally preceded by arbitrary characters (normally the directory part of the path). The uid statement specifies that this rule applies only to users whose UIDs are greater than or equal to 100.
Subsequent clauses define actions associated with this rule.

The transform clause contains instructions on how to modify the first argument of the command line (i.e. the command name). These instructions take the form of a sed-style substitution expression (see transformation expression). The expression in our example instructs GNU Rush to replace the command name with ‘bin/sftp-server’.

The umask clause sets the file creation mask. The chroot clause instructs GNU Rush to chroot to the user home directory before executing the command. The chdir statement sets the directory to change to after installing the chroot.
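
The condition checks and the command-name rewrite described above can be modelled in a few lines of Python. This is an added example, not code from GNU Rush or its manual: RULE, sed_subst and apply_rule are hypothetical names, Python's re module stands in for the regular expression engine GNU Rush uses, and the umask, chroot and chdir actions are not modelled.

```python
import re
from typing import List, Optional

# Constructed model of the page's "sftp" rule (hypothetical structure).
# Assumption: Python's re stands in for the regex engine GNU Rush uses.
RULE = {
    "command": r"^.*/sftp-server",         # condition: command
    "uid_min": 100,                        # condition: uid >= 100
    "transform": "s,.*,bin/sftp-server,",  # action: transform
}

def sed_subst(expr: str, text: str) -> str:
    """Apply a sed-style s<d>regex<d>replacement<d>[g] expression.

    Simplified: the replacement is literal (no & or \\1 handling)."""
    if len(expr) < 2 or expr[0] != "s":
        raise ValueError("only s-expressions are modelled")
    parts = expr[2:].split(expr[1])        # expr[1] is the delimiter
    if len(parts) != 3:
        raise ValueError("malformed expression: " + expr)
    pattern, repl, flags = parts
    count = 0 if "g" in flags else 1       # without g, first match only
    return re.sub(pattern, lambda m: repl, text, count=count)

def apply_rule(uid: int, command_line: str) -> Optional[List[str]]:
    """Return the argv the rule would run, or None when it does not apply."""
    if not re.search(RULE["command"], command_line):
        return None                        # command condition failed
    if uid < RULE["uid_min"]:
        return None                        # uid condition failed
    argv = command_line.split()            # simplified word splitting
    # As the page describes it, the transform rewrites the command name.
    argv[0] = sed_subst(RULE["transform"], argv[0])
    return argv

# Constructed sample requests: (uid, command line sent by the client).
SAMPLES = [
    (1000, "/usr/lib/openssh/sftp-server"),
    (1000, "/usr/lib/sftp-server -l INFO"),
    (1000, "/tmp/sftp-server-x"),   # pattern has no end anchor: still matches
    (50, "/usr/lib/sftp-server"),   # uid below 100
    (1000, "/bin/sh -c id"),        # no /sftp-server in the command line
]

if __name__ == "__main__":
    for uid, line in SAMPLES:
        print(uid, repr(line), "->", apply_rule(uid, line))
```

The third sample matches because the pattern is not anchored at its end, yet the name that would be executed is still the fixed bin/sftp-server, which with chroot ~ and chdir / is looked up inside the user's home directory.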
In this particular case, the
set statement, introduced in GNU Rush version 1.6, is probably more
This document was generated on October 1, 2016 using makeinfo.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.