GNU Rush
	Restricted User Shell	Sergey Poznyakoff

• Main
• Downloads
• Documentation

GNU Rush – a restricted user shell. (split by section):

Section:

Chapter:

Doc:

?

2. Operation

GNU Rush is usually installed as a user shell. When a user connects to the server (e.g. by using using SSH protocol), the shell binary, rush, is executed. GNU Rush must be called with exactly two arguments: the ‘-c’ command line option and a command line to be executed on the host machine(1). If wrong arguments are supplied, the shell aborts.

The third argument to rush supplies a command line to be executed. This command line along with the password database entry for the user who executes rush are said to form a request.

After startup, rush reads a set of rules from its configuration file. Each rule consists of conditions and actions. Conditions are used to match the rule with the request. They can include regular expression matching with entire command line or particular fields thereof, user name or group comparisons, etc. If all conditions match the request, actions are executed. Actions allow to:

• Modify the command line;
• Impose resource limits;
• Set umask;
• Change current working directory;
• Modify the execution environment;
• Run command in a special root directory (‘chroot’).

Finally, after all actions have been executed successfully, rush executes the requested command. Notice, that the resulting command line is not necessarily the same as was supplied to rush via the ‘-c’ option.

A special kind of rules, called fall-through ones, is provided. Fall-through rules differ from other rules in that they do not execute the command. After all actions in a fall-through rule have been executed, GNU Rush continues to search for another matching rule in its configuration and applies it, if found. Fall-through rules are useful to set default values for subsequent rules.

GNU Rush – a restricted user shell. (split by section):

Section:

Chapter:

Doc:

?