GNU Rush
Restricted User Shell
Sergey Poznyakoff
Sometimes it may be necessary to allow some group of users limited access to interactive shells. GNU Rush contains provisions for such usage.
If the interactive statement is present in the configuration file,
invoking rush without command line arguments (interactive usage)
becomes equivalent to rush -c string, where string is the argument
given to the statement.
This can be used to catch interactive invocations. Consider the following example:

    interactive //shell//

    rule login
      command //shell//
      group rshell
      map[^] /etc/rush.shell : ${user} 1 2
      transform[0] ${program} s,^,-r,

    rule nologin
      command //shell//
      exit You don't have interactive access to this machine.

The interactive statement supplies a fake command line that
marks an attempt at interactive usage. It is common practice
to choose a string that cannot be a valid system command. The
‘login’ rule matches this command line if the user is a member
of the group ‘rshell’. It uses ‘/etc/rush.shell’ to select
a shell for that user (see section Map). This map file consists of
two fields, separated by a colon. If the shell is found, its base
name, prefixed with ‘-r’, is used as ‘argv[0]’ (this indicates a
restricted login shell). Otherwise, the trap rule ‘nologin’ is
matched, which outputs the given diagnostic message and exits
rush.
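The decision described above can be modelled in a few lines. This is an added example, not code from GNU Rush: the function names, the sample map contents and the user names are constructed, and the handling of blank lines and duplicate keys is an assumption of the sketch. It follows the prose description, so a user gets a shell only when both the group test and the map lookup succeed; every other case falls through to the trap rule.

```python
import posixpath

# Constructed sample of /etc/rush.shell: field 1 is the user, field 2 the shell.
SAMPLE_MAP = "alice:/bin/bash\nbob:/bin/ksh\n\ncarol:sh\ndave\n"
DENIAL = "You don't have interactive access to this machine."


def parse_map(text, delim=":", kno=1, vno=2):
    """Read a map file; return ({key: value}, [(line number, problem)])."""
    table, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # assumption: blank lines carry no record
        fields = line.split(delim)
        if len(fields) < max(kno, vno):
            problems.append((lineno, "too few fields"))
            continue
        key, value = fields[kno - 1], fields[vno - 1]
        if not value.startswith("/"):
            # Audit policy of this example, not a Rush requirement.
            problems.append((lineno, "shell is not an absolute path"))
        table.setdefault(key, value)  # assumption: first record for a key wins
    return table, problems


def resolve(user, groups, table):
    """Model which rule handles the fake command line //shell//."""
    if "rshell" in groups and user in table:      # rule login
        program = table[user]
        return ("exec", program, "-r" + posixpath.basename(program))
    return ("exit", DENIAL, None)                 # rule nologin (trap)


if __name__ == "__main__":
    table, problems = parse_map(SAMPLE_MAP)
    for user, groups in [("alice", {"rshell"}), ("alice", {"users"}),
                         ("mallory", {"rshell"})]:
        print(user, sorted(groups), resolve(user, groups, table))
    for lineno, problem in problems:
        print("map line %d: %s" % (lineno, problem))
```

Running the audit half of the sketch over the real map file before deployment shows which records would hand out an unexpected program name or be skipped as malformed.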
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.