Restricted User Shell
GNU Rush is usually installed as a user shell. When a user connects to
the server (e.g. by using using SSH protocol), the shell binary,
rush, is executed. GNU Rush must be called with exactly two
arguments: the -c command line option and a command line to
be executed on the host machine1. If
wrong arguments are supplied, the shell aborts.
The third argument to
rush supplies a command line to be
executed. This command line along with the password database entry
for the user who executes
rush are said to form a
rush reads a set of rules from its
configuration file. Each rule consists of conditions
and actions. Conditions are used to match the rule
with the request. They can include regular expression matching
with entire command line or particular fields thereof, user name or
group comparisons, etc. If all conditions match the request,
actions are executed. Actions allow to:
Finally, after all actions have been executed successfully,
executes the requested command. Notice, that the resulting command
line is not necessarily the same as was supplied to
the -c option.
A special kind of rules, called fall-through ones, is provided. Fall-through rules differ from other rules in that they do not execute the command. After all actions in a fall-through rule have been executed, GNU Rush continues to search for another matching rule in its configuration and applies it, if found. Fall-through rules are useful to set default values for subsequent rules.
Starting from version 1.6, it is possible to use GNU Rush for interactive shell sessions. See Interactive, for more information about it.
This document was generated on October 1, 2016 using makeinfo.Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.