GNU Rush – a restricted user shell (split by node):   Section:   Chapter:FastBack: Configuration File   Up: Rule   FastForward: Default Configuration   Contents: Table of ContentsIndex: Concept Index

4.2.3 System Actions

System actions provide an interface to the operating system.

Rule Config: umask mask

Set the umask. The mask must be an octal value not greater than ‘0777’. The default umask is ‘022’.

Rule Config: newgrp group-id
Rule Config: newgroup group-id

Changes the current group ID to group-id, which is either a numeric value or a name of an existing group.

Rule Config: chroot dir

Change the root directory to that specified in dir. This directory will be used for file names beginning with ‘/’. A tilde (‘~’) at the start of dir is replaced with the user’s home directory.

The directory dir must be properly set up to execute the commands. For example, the following rule defines execution of sftp-server in an environment, chrooted to the user’s home directory:

rule sftp
  command ^.*/sftp-server
  set[0] bin/sftp-server
  chroot ~

For this to work, each user’s home must contain the directory bin with a copy of sftp-server in it, as well as all directories and files that are needed for executing it, in particular lib.
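The manual leaves building that chroot to the administrator. The following is an added example, not part of GNU Rush or OpenSSH: a small Python helper that copies a binary into ~/bin and every shared object ldd(1) reports for it into the same layout under the home directory, so that the dynamic loader finds them once rush has chrooted. The default path to sftp-server, the sample ldd output and the ``/home/alice`` root are assumptions for illustration.

```python
"""Populate a per-user chroot for a rule such as the sftp rule above.

Added example, not code from GNU Rush.  The ldd(1) output format is parsed
from text so the parser can be exercised offline on a constructed sample;
populate_chroot() runs the real ldd and copies files, so it needs root.
"""
import os
import re
import shutil
import subprocess

# Matches "libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)" as well as
# the bare loader line "/lib64/ld-linux-x86-64.so.2 (0x...)".
_LDD_LINE = re.compile(r"^\s*(?:\S+\s+=>\s+)?(/\S+)\s+\(0x[0-9a-fA-F]+\)\s*$")

# Constructed sample of ldd output, not a real capture.
SAMPLE_LDD_OUTPUT = """\
\tlinux-vdso.so.1 (0x00007ffd1a3f4000)
\tlibcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1b2c000000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1b2bc00000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f1b2c600000)
"""


def parse_ldd(text):
    """Return the absolute library paths named in ldd output.

    Virtual objects such as linux-vdso.so.1 have no file and are skipped.
    A "not found" entry raises: the chrooted binary would fail anyway, and
    silently shipping an incomplete chroot is worse than stopping here.
    """
    paths = []
    for line in text.splitlines():
        if "not found" in line:
            raise RuntimeError(f"unresolved dependency: {line.strip()}")
        m = _LDD_LINE.match(line)
        if m:
            paths.append(m.group(1))
    return paths


def chroot_dest(root, src):
    """Destination of src inside root, keeping the original directory layout."""
    return os.path.join(root, src.lstrip("/"))


def copy_into(root, src):
    """Copy the file behind src (symlinks resolved) to root + src."""
    dst = chroot_dest(root, src)
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    shutil.copy2(os.path.realpath(src), dst)
    return dst


def populate_chroot(home, binary="/usr/lib/openssh/sftp-server"):
    """Create <home>/bin/<basename> plus the libraries it needs.

    The sftp-server path is an assumption (Debian layout); adjust for your
    distribution.  Keep <home> itself owned by root and not writable by the
    user: a user who can replace bin/sftp-server or a copied library inside
    the chroot runs arbitrary code instead of the restricted command.
    """
    deps = subprocess.run(["ldd", binary], capture_output=True, text=True,
                          check=True).stdout
    bin_dir = os.path.join(home, "bin")
    os.makedirs(bin_dir, exist_ok=True)
    copied = [shutil.copy2(binary, os.path.join(bin_dir, os.path.basename(binary)))]
    for lib in parse_ldd(deps):
        copied.append(copy_into(home, lib))
    return copied
```

Run ``populate_chroot("/home/alice")`` as root once per user; ldd must be run on the same machine whose libraries the chroot will use, and the copies have to be refreshed after every library or sftp-server upgrade, which is the main operational cost of per-user chroots.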

Rule Config: chdir dir

Change to the directory dir. The argument is subject to tilde-expansion (see chroot, above). If both chdir and chroot are specified, then chroot is executed first.

Rule Config: limits res

Impose limits on system resources, as defined by res. The argument consists of commands, optionally separated by any amount of whitespace. A command is a single command letter followed by a number that specifies the limit. The command letters are case-insensitive and coincide with those used by the shell’s ulimit utility:

Command   The limit it sets
A         max address space (KB)
C         max core file size (KB)
D         max data size (KB)
F         maximum file size (KB)
M         max locked-in-memory address space (KB)
N         max number of open files
R         max resident set size (KB)
S         max stack size (KB)
T         max CPU time (MIN)
U         max number of processes
L         max number of logins for this user (see below)
P         process priority -20..20 (negative = high priority)

For example:

limits T10 R20 U16 P20

If some limit cannot be set, execution of the rule aborts. In particular, the ‘L’ limit is better regarded as a condition than as an action: setting limit Ln succeeds only if no more than n rush instances are simultaneously running for the same user. This can be used to limit the number of simultaneously open sessions.

The use of ‘L’ resource automatically enables forked mode. See Accounting and Forked Mode, for more information about it.
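To make the syntax and the abort semantics concrete, here is an added example in Python, an independent re-implementation and not rush’s own code: it parses a limits string per the rules above (case-insensitive letters, commands optionally run together), converts the documented units into those setrlimit(2) and setpriority(2) expect (KB to bytes, minutes to seconds), and stops at the first limit that cannot be set. The ‘L’ letter is modelled as a condition on a session count passed in by the caller; in rush that count comes from its accounting database, which this example assumes away.

```python
"""Independent re-implementation of the ``limits`` syntax described above.

Added example, not code from GNU Rush.  It parses a string such as
"T10 R20 U16 P20" and applies it with setrlimit(2)/setpriority(2),
converting the documented units (KB, minutes) to the units those calls
expect.  'L' is modelled as a condition on a caller-supplied session
count; in rush that count comes from its accounting database (assumed).
"""
import os
import re
import resource

# Letter -> (rlimit resource, multiplier from the documented unit to the unit
# setrlimit expects: KB -> bytes, CPU minutes -> seconds).  RLIMIT_RSS is
# looked up with getattr because not every platform defines it.
RLIMIT_MAP = {
    "A": (resource.RLIMIT_AS, 1024),
    "C": (resource.RLIMIT_CORE, 1024),
    "D": (resource.RLIMIT_DATA, 1024),
    "F": (resource.RLIMIT_FSIZE, 1024),
    "M": (resource.RLIMIT_MEMLOCK, 1024),
    "N": (resource.RLIMIT_NOFILE, 1),
    "R": (getattr(resource, "RLIMIT_RSS", None), 1024),
    "S": (resource.RLIMIT_STACK, 1024),
    "T": (resource.RLIMIT_CPU, 60),
    "U": (resource.RLIMIT_NPROC, 1),
}
SPECIAL = {"L", "P"}  # not rlimits: login-count condition, scheduling priority

_TOKEN = re.compile(r"([A-Za-z])(-?\d+)\s*")


def parse_limits(spec):
    """Return [(LETTER, value), ...] or raise ValueError on a malformed spec.

    Letters are case-insensitive and commands may run together ("t10r20")
    or be separated by any whitespace.  Only P may take a negative value.
    """
    cmds, pos, spec = [], 0, spec.strip()
    while pos < len(spec):
        m = _TOKEN.match(spec, pos)
        if not m:
            raise ValueError(f"malformed limits command at {spec[pos:]!r}")
        letter, value = m.group(1).upper(), int(m.group(2))
        if letter not in RLIMIT_MAP and letter not in SPECIAL:
            raise ValueError(f"unknown limit letter {letter!r}")
        if letter == "P" and not -20 <= value <= 20:
            raise ValueError(f"priority {value} outside -20..20")
        if letter != "P" and value < 0:
            raise ValueError(f"limit {letter} must not be negative")
        cmds.append((letter, value))
        pos = m.end()
    return cmds


def apply_limits(cmds, active_sessions=1, setrlimit=None, setpriority=None):
    """Apply commands in order; raise RuntimeError at the first failure.

    active_sessions: rush instances running for this user, counting the one
    being started (assumed input).  setrlimit/setpriority default to the real
    calls and can be replaced by recorders for a dry run.  Returns the list of
    (LETTER, value_in_kernel_units) actually applied.
    """
    setrlimit = setrlimit or resource.setrlimit
    setpriority = setpriority or os.setpriority
    applied = []
    for letter, value in cmds:
        try:
            if letter == "L":  # a condition, not an action
                if active_sessions > value:
                    raise RuntimeError(f"{active_sessions} sessions active")
                applied.append((letter, active_sessions))
            elif letter == "P":
                setpriority(os.PRIO_PROCESS, 0, value)
                applied.append((letter, value))
            else:
                res, mult = RLIMIT_MAP[letter]
                if res is None:
                    raise RuntimeError("resource not supported on this platform")
                # Both soft and hard limits are set: the restricted command
                # must not be able to raise them again.
                setrlimit(res, (value * mult, value * mult))
                applied.append((letter, value * mult))
        except (OSError, ValueError, RuntimeError) as exc:
            raise RuntimeError(f"{letter}{value}: {exc}; rule aborts") from exc
    return applied


def dry_run(spec, active_sessions=1):
    """Parse and apply with no-op setters; None means rush would abort."""
    try:
        return apply_limits(parse_limits(spec), active_sessions,
                            setrlimit=lambda res, lim: None,
                            setpriority=lambda which, who, prio: None)
    except (ValueError, RuntimeError):
        return None
```

``dry_run("T10 R20 U16 P20")`` shows the values the kernel would see (600 seconds of CPU, 20480 bytes of RSS), which is why a ‘P20’ that tries to raise priority above the current level or an ‘L’ exceeded by an extra session both turn into an aborted rule rather than a silently ignored setting.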
