GNU Rush |
Restricted User Shell |
Sergey Poznyakoff |
GNU Rush – a restricted user shell.
The include statement forces inclusion of the named file in
that file location:
include file
    Include file file.
If file begins with a tilde character followed by a slash (‘~/’), these two characters are replaced with the full path name of the current user's home directory.
If file is a directory, that directory is searched for a file whose name coincides with the current user name. If such a file is found, it is included.
In any case, if the file named by file (after tilde expansion) does not exist, no error is reported, and parsing of the configuration file continues.
Before including the file, rush checks if it is secure, using
the same rules as for the main configuration file (see security checks). The exact list of checks can be tuned using the
include-security statement:
Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:
‘all’
    Enable all checks.
‘owner’
    The file is not owned by root.
‘iwgrp’, ‘groupwritablefile’
    The file is group writable.
‘iwoth’, ‘worldwritablefile’
    The file is world writable.
‘dir_iwgrp’, ‘groupwritabledir’
    The file resides in a group writable directory.
‘dir_iwoth’, ‘worldwritabledir’
    The file resides in a world writable directory.
‘link’
    The file is a symbolic link to a file residing in a group or world writable directory.
Each of the above keywords may be prefixed by ‘no’, which reverses its meaning. Each keyword adds a particular test to the existing check list or removes it from that list. The check list is initialized as described in security checks. Thus, the following statement results in all checks, except for the file ownership:
    include-security noowner
In the example below, the check list is first cleared by using the
noall keyword, and then a set of checks is added to it:
    include-security noall owner iwoth iwgrp
The include-security statement is global, i.e. it affects all
include statements appearing below it, up to the next
include-security statement, or end of configuration file,
whichever occurs first.
The include statement can appear anywhere in the
configuration file, either within or outside a rule.
This statement provides a convenient way to set up user-dependent
rush configuration. For example, the following fall-through
rule (see section Fall-through) keeps each user's configuration
in a file named ‘.rush’, located in the user's home directory:
    rule user
      include ~/.rush
      fall-through
Of course, this assumes that such a per-user file, if it exists, is
writable only by the super-user and does not contain any rule
statements.
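An audit sketch for the include-security checks listed above, added here as an example (it is not code from rush or its manual): it applies an include-security argument list as the text describes and reports which enabled checks a file such as ‘~/.rush’ fails. The function names, the starting list of all checks, and the choice to judge a symbolic link by the directory of its target are assumptions.

```python
import os, stat, tempfile

CHECKS = ("owner", "iwgrp", "iwoth", "dir_iwgrp", "dir_iwoth", "link")
# Long keyword forms from the list above, mapped to their short equivalents.
ALIASES = {"groupwritablefile": "iwgrp", "worldwritablefile": "iwoth",
           "groupwritabledir": "dir_iwgrp", "worldwritabledir": "dir_iwoth"}

def parse_checks(args, current=CHECKS):
    """Apply one include-security argument list to the current check list."""
    checks = set(current)               # assumption: the list starts with all checks
    for word in args.split():
        negate = word.startswith("no")  # no listed keyword itself begins with "no"
        name = word[2:] if negate else word
        name = ALIASES.get(name, name)
        if name != "all" and name not in CHECKS:
            raise ValueError(f"unknown include-security keyword: {word}")
        selected = set(CHECKS) if name == "all" else {name}
        checks = checks - selected if negate else checks | selected
    return checks

def violations(path, checks):
    """Return the enabled checks that the file at `path` fails, sorted by name."""
    st = os.stat(path)                  # follows symlinks, as reading the file would
    here = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    failed = {
        "owner": st.st_uid != 0,
        "iwgrp": bool(st.st_mode & stat.S_IWGRP),
        "iwoth": bool(st.st_mode & stat.S_IWOTH),
        "dir_iwgrp": bool(here & stat.S_IWGRP),
        "dir_iwoth": bool(here & stat.S_IWOTH),
        "link": False,
    }
    if os.path.islink(path):            # assumption: judge the link target's directory
        there = os.stat(os.path.dirname(os.path.realpath(path))).st_mode
        failed["link"] = bool(there & (stat.S_IWGRP | stat.S_IWOTH))
    return sorted(c for c in checks if failed[c])

def demo():
    """Constructed sample: a group-writable per-user file in a private directory."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".rush")
        with open(path, "w") as f:
            f.write("# constructed sample include file\n")
        os.chmod(path, 0o664)
        return violations(path, parse_checks("noall owner iwoth iwgrp"))

if __name__ == "__main__":
    print(demo())
```

Run as an unprivileged user, the constructed file fails both the ownership and the group-writable check; an empty result from `violations` means the file passes every enabled check.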
The use of include files may be especially useful for per-user
localization (see section Localization). It suffices to provide a
fall-through rule, similar to the one above, and to place a
locale directive in ‘~/.rush’ files, according to the
users' preferences.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.