Restricted User Shell
The global statement defines global settings. The syntax is:

global stmt1 stmt2 ...

where the dots represent any number of statements. The following subsections discuss the statements that can be used within a global statement.
The following statement controls the behavior of rush when an undefined variable is expanded (see Variable expansion). It takes a single boolean argument, bool.

If bool is 'true', undefined variables expand to an empty value. If it is 'false' (the default), rush issues an error and aborts.

The following values can be used as synonyms for 'true': 'yes', 'on', 't', '1'.
The following values can be used as synonyms for 'false': 'no', 'off', 'nil', '0'.

Keep in mind that enabling this setting turns a misspelled variable name into an empty string rather than an error, which silently changes the command line a rule ends up executing; the default (abort) is the safer choice. See handling of undefined variables for a detailed discussion of how rush processes undefined variables and of the recommended techniques for handling them.
The debug global statement sets the debugging level, an integer value that controls the verbosity of rush logging:

debug num

Set the debugging level to num. The greater num is, the more verbose the logging. Debugging information is reported via syslog at facility 'authpriv', priority 'debug'. As of version 2.1, the following debugging levels are supported:

1
  The minimum debugging level, and the only one whose messages are logged using the priority 'notice'. At this level, rush logs each request and the rule selected to handle it. For example:

  rush: Serving request "/usr/libexec/sftp-server" for sergiusz by rule sftp-savane

2
  List all actions executed when serving requests.

3
  When parsing a legacy configuration file, verbosely describe the parsing process.

More debugging levels may be implemented in the future. Level 1 records who requested which command and which rule served it, which makes it a useful audit trail to forward with the rest of the authpriv facility; higher levels also record the actions executed, including whatever the request contained.
The following statement sets the time, in seconds, that rush sleeps before exiting on error. It takes the number of seconds as its argument and is intended as a measure against brute-force attacks: each failed attempt costs the remote party at least that long. The default sleep time is 5 seconds. The delay slows down a single connection; it does not limit how many connections an attacker opens in parallel, so it complements rather than replaces rate limiting at the service that invokes rush.
The following statement defines a textual message which is returned to the remote party if an error of the given class occurs. It takes two arguments, the error class and the message text. Valid values for class correspond to the following four error conditions:

Usage error
  Reported when rush has been invoked improperly. The default text is:
  You are not permitted to execute this command.

No-login error
  Reported if there is no such user name in the password database. The default text is:
  You do not have interactive login access to this machine.

Configuration error
  Reported if the rush configuration file contains errors. The default text is:
  Local configuration error occurred.

System error
  Reported if a system error occurs. The default text is:
  A system error occurred while attempting to execute command.

These messages are shown to the remote party, so keep them as generic as the defaults: do not put configuration file names, rule names or other local details into them.
The regexp statement configures the flavor of regular expressions used by the statements that follow it:

regexp flags

Configure the type of regular expressions. Each flag is a word specifying some regular expression feature. It can be preceded by '+' to enable the feature (this is the default), or by '-' to disable it. Valid flags are:

extended
  Use POSIX Extended Regular Expression syntax when interpreting regex. This is the default.

basic
  Use basic regular expressions. Equivalent to '-extended'.

icase
  Do not differentiate case. Subsequent regex matches will be case insensitive.

For example, the following statement enables POSIX extended, case insensitive matching:

global regexp +extended +icase

Because the setting applies only to statements that come after it, place it before the rules it is meant to affect. Note that 'icase' widens what a rule matches: a rule written for one spelling of a command also accepts every other case variant of it.
Additional configuration can be included into the main configuration file using the include statement (see Include). Before inclusion, a number of checks is performed on the file to ensure it is safe to rely on it. These checks are configured using the include-security statement:

include-security check ...

Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:

all
  Enable all checks.

owner
  Fail if the file is not owned by root.

iwgrp
  Fail if the file is group writable.

iwoth
  Fail if the file is world writable.

dir-iwgrp
  Fail if the file resides in a group writable directory.

dir-iwoth
  Fail if the file resides in a world writable directory.

link
  Fail if the file is a symbolic link to a file residing in a group or world writable directory.

Each of the above keywords may be prefixed by 'no', which reverses its meaning. The special keyword 'none' disables all checks. Each keyword adds or removes a particular test to the existing check list, which is initialized as described in Security checks; keywords are processed in order, so a later keyword overrides an earlier one. Thus, the following statement results in all checks except the file ownership check:

global include-security noowner

In the example below, the check list is first cleared with the 'none' keyword, and then a set of checks is added to it:

global include-security none owner iwoth iwgrp

Since an included file can add or change rules, relaxing these checks hands control of the rule set to whoever can write the file or re-point the link. Disable a check only when the file and its directory are already protected by other means.
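The six checks above can be reproduced outside rush to audit a candidate file before pointing an include statement at it. The following is an added example written for this page, not code from GNU Rush: it implements the checks with os.lstat/os.stat, applies the keyword rules from the text ('no' prefix, 'none', later keywords overriding earlier ones) to an include-security argument list, and runs the result over a constructed temporary directory tree. The keyword names owner, iwgrp and iwoth come from the page's examples; using all, dir-iwgrp, dir-iwoth and link for the other checks, starting from a check list with every check enabled, applying the directory checks to the directory of the named path while the link check inspects the directory of the resolved target, and treating UID 0 as the required owner are all assumptions of this example.

```python
"""Re-implementation of the include-security checks for auditing include files.

Added example for this page; not part of GNU Rush.
"""
import os
import shutil
import stat
import tempfile

# owner/iwgrp/iwoth appear in the page's own examples; the other three names
# are the ones this example uses for the remaining checks (assumed).
ALL_CHECKS = ("owner", "iwgrp", "iwoth", "dir-iwgrp", "dir-iwoth", "link")


def parse_include_security(words, initial=ALL_CHECKS):
    """Apply an include-security argument list to the current check set.

    Keywords are applied left to right: 'all' enables everything, 'none'
    clears the set, 'noXXX' removes XXX and a bare keyword adds it.
    initial is the check list in force before the statement (assumed: all).
    """
    checks = set(initial)
    for word in words:
        if word == "all":
            checks.update(ALL_CHECKS)
        elif word == "none":
            checks.clear()
        elif word.startswith("no") and word[2:] in ALL_CHECKS:
            checks.discard(word[2:])
        elif word in ALL_CHECKS:
            checks.add(word)
        else:
            raise ValueError("unknown include-security keyword: %r" % word)
    return frozenset(checks)


def include_file_problems(path, checks=frozenset(ALL_CHECKS), trusted_uid=0):
    """Return the names of the enabled checks that path fails (empty = safe)."""
    problems = []
    link_st = os.lstat(path)   # the path itself, which may be a symlink
    file_st = os.stat(path)    # the file that would actually be read
    dir_st = os.stat(os.path.dirname(os.path.abspath(path)))  # directory of the named path
    if "owner" in checks and file_st.st_uid != trusted_uid:
        problems.append("owner")
    if "iwgrp" in checks and file_st.st_mode & stat.S_IWGRP:
        problems.append("iwgrp")
    if "iwoth" in checks and file_st.st_mode & stat.S_IWOTH:
        problems.append("iwoth")
    if "dir-iwgrp" in checks and dir_st.st_mode & stat.S_IWGRP:
        problems.append("dir-iwgrp")
    if "dir-iwoth" in checks and dir_st.st_mode & stat.S_IWOTH:
        problems.append("dir-iwoth")
    if "link" in checks and stat.S_ISLNK(link_st.st_mode):
        # A symlink whose target lives in a group/world writable directory can
        # be made to point at attacker-controlled content without touching it.
        target_dir_mode = os.stat(os.path.dirname(os.path.realpath(path))).st_mode
        if target_dir_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("link")
    return problems


def demo():
    """Audit three constructed include files; returns {name: failed checks}."""
    root = tempfile.mkdtemp(prefix="rush-include-")
    try:
        safe_dir = os.path.join(root, "safe")      # 0755: only the owner can write
        unsafe_dir = os.path.join(root, "unsafe")  # 0777: anyone can replace files
        os.mkdir(safe_dir)
        os.chmod(safe_dir, 0o755)
        os.mkdir(unsafe_dir)
        os.chmod(unsafe_dir, 0o777)
        good = os.path.join(safe_dir, "good.conf")
        bad = os.path.join(unsafe_dir, "bad.conf")
        target = os.path.join(unsafe_dir, "target.conf")
        link = os.path.join(safe_dir, "link.conf")
        for p, mode in ((good, 0o644), (bad, 0o666), (target, 0o644)):
            with open(p, "w") as fh:
                fh.write("# constructed include file\n")
            os.chmod(p, mode)
        os.symlink(target, link)
        # Same check list as 'global include-security noowner' on the page;
        # owner is skipped because the temp files belong to whoever runs this.
        checks = parse_include_security(["noowner"])
        return {name: include_file_problems(p, checks)
                for name, p in (("good", good), ("bad", bad), ("link", link))}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, failed in demo().items():
        print(name, "OK" if not failed else "FAILS " + " ".join(failed))
```

Running the script reports good.conf as clean, bad.conf as failing the file and directory writability checks, and link.conf as failing only the link check: the link itself sits in a safe directory with a correctly permissioned target, but its target directory is world writable, so the target can be swapped. Run include_file_problems with the full check list (owner included) when auditing a real /etc-style location.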
The following global statements control the file mode and permissions of the accounting database files. For a detailed description of this feature, see Accounting Database. Three statements are available:

  Set the umask used when accessing accounting database files. The default value is '022'.

  Set the mode bits for the accounting directory. The mode argument is given in octal.

  Set the mode bits for the wtmp and utmp files.

The umask only removes permission bits: the effective permissions are the requested mode with the umask bits cleared, so a file created with mode 0666 under the default umask of 022 ends up with mode 0644.
This document was generated on July 12, 2019 using makeinfo. Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.