GNU Rush – a restricted user shell (split by section):   Section:   Chapter:FastBack: Configuration File   Up: Configuration File   FastForward: Default Configuration   Contents: Table of ContentsIndex: Concept Index

4.3 Include

The include statement forces inclusion of the named file in that file location:

Configuration: include file

Include file file

If file starts with a tilde character, followed by a slash (‘~/’), these two characters are replaced with the full path name of current user’s home directory.

If file is a directory, that directory is searched for a file whose name coincides with the current user name. If such a file is found, it is included.

In any case, if the file named by file (after tilde expansion) does not exist, no error is reported, and parsing of the configuration file continues.

Before including the file, rush checks if it is secure, using the same rules as for the main configuration file (see security checks). The exact list of checks can be tuned using the include-security statement:

Configuration: include-security list

Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:

all

Enable all checks.

owner

The file is not owned by root.

iwgrp
groupwritablefile

The file is group writable.

iwoth
worldwritablefile

The file is world writable.

dir_iwgrp
groupwritabledir

The file resides in a group writable directory.

dir_iwoth
worldwritabledir

The file resides in a world writable directory.

link

The file is a symbolic link to a file residing in a group or world writable directory.

Each of the above keywords may be prefixed by ‘no’, which reverses its meaning. The special keyword ‘none’ is synonymous to ‘noall’, i.e. it disables all checks. Each keyword adds or removes a particular test to the existing check list, which is initialized as described in security checks. Thus, the foll owning statement results in all checks, except for the file ownership:

include-security noowner

In the example below, the check list is first cleared by using the noall statement, and then a set of checks is added to it:

include-security noall owner iwoth iwgrp

The include-security statement is global, i.e. it affects all include statements appearing below it, up to the next include-security statement, or end of configuration file, whichever occurs first.

The include statement can appear in any place of the configuration file, both within or outside a rule.

This statement provides a convenient way for user-dependent rush configuration. For example, the following fall-through rule (see Fall-through) allows to keep each user’s configuration in a file named .rush, located in the user’s home directory:

rule user
  inlcude ~/.rush
  fall-through

Of course, it is supposed that such a per-user file, if it exists, is writable only for super-user and does not contain any rule statements.

The use of include files may be especially useful for per-user localization (see Localization). It suffices to provide a fall-through rule, similar to the one above, and to place a locale directive in ~/.rush files, according to the users’ preferences.

GNU Rush – a restricted user shell (split by section):   Section:   Chapter:FastBack: Configuration File   Up: Configuration File   FastForward: Default Configuration   Contents: Table of ContentsIndex: Concept Index