GNU Rush – a restricted user shell (split by chapter):   Section:   Chapter:FastBack: Operation   Up: Top   FastForward: Configuration File   Contents: Table of ContentsIndex: Concept Index

3 Quick Start

To give you a feel for what GNU Rush can do, consider the following configuration file rule:

rush 2.0

rule sftp
  # Matching condition
  match $uid >= 100 && $command ~ "^.*/sftp-server"
  # Actions:
  set [0] = "bin/sftp-server"
  umask 002
  chroot "~"
  chdir "/"

The first clause defines the version of the syntax this configuration uses. Each configuration must begin with this statement.

The next clause, rule, defines a new rule. Its argument serves as a rule tag and is used in diagnostic messages and in accounting.

Lines beginning with ‘#’ are comments. They are intended for a human reader and are ignored by rush.

The match statement defines the condition that must be met for this rule to become active. In this example it requires that the UID of the requesting user be greater than or equal to 100, and that the command line begin with ‘/sftp-server’, optionally preceded by arbitrary directory components.

Subsequent clauses define actions associated with this rule.

The set clause contains instructions on how to modify the first argument of the command line. Argument indices start at 0, so ‘[0]’ refers to the command name. The expression in our example instructs GNU Rush to replace it with ‘bin/sftp-server’.

The umask clause sets the file creation mask.

The chroot clause instructs GNU Rush to chroot to the user home directory before executing the command.

Finally, the chdir statement sets the directory to change to after installing the chroot.
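
The following Python sketch is an added illustration, not part of the GNU Rush manual or its source code. It models how the rule above is evaluated: the match condition is tested first, then the actions are collected into an execution plan. The apply_rule function, the RULE dictionary, the sample requests and the use of shell-like word splitting are assumptions made for the example.

```python
import re
import shlex

# Constructed model of the "sftp" rule above; not GNU Rush source code.
RULE = {
    "tag": "sftp",
    "min_uid": 100,
    "pattern": re.compile(r"^.*/sftp-server"),  # same regex as the match line
    "argv0": "bin/sftp-server",
    "umask": 0o002,
    "chroot": "~",
    "chdir": "/",
}

def apply_rule(uid, command, home, rule=RULE):
    """Return the execution plan if the rule matches, else None."""
    # match $uid >= 100 && $command ~ "^.*/sftp-server"
    if uid < rule["min_uid"] or not rule["pattern"].search(command):
        return None
    argv = shlex.split(command)   # assumption: shell-like word splitting
    argv[0] = rule["argv0"]       # set [0] = "bin/sftp-server"
    chroot_dir = home if rule["chroot"] == "~" else rule["chroot"]
    return {"rule": rule["tag"], "argv": argv, "umask": rule["umask"],
            "chroot": chroot_dir, "chdir": rule["chdir"]}

# Constructed sample requests: (uid, command line, home directory)
SAMPLES = [
    (1000, "/usr/lib/openssh/sftp-server", "/home/alice"),
    (1000, "/usr/lib/sftp-server -l INFO", "/home/alice"),
    (50, "/usr/lib/openssh/sftp-server", "/var/lib/svc"),   # UID below 100
    (1000, "sftp-server", "/home/alice"),                   # no leading "/"
    (1000, "/bin/sh -c id", "/home/alice"),                 # different command
    (1000, "/opt/sftp-server-old --flag", "/home/alice"),   # no end anchor
]

if __name__ == "__main__":
    for uid, command, home in SAMPLES:
        print(uid, repr(command), "->", apply_rule(uid, command, home))
```

The last sample matches because the pattern has no end anchor, but the command name is still replaced by ‘bin/sftp-server’; only the remaining arguments are carried over from the request.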
