GNU Rush – a restricted user shell

4.4.10 Exit rule

The exit rule does not execute any commands. Instead, it writes the supplied error message to the specified file descriptor and exits immediately. The exit rule is defined using the following statement:

rule: exit fd message
rule: exit message

Write the textual message message to the file descriptor given by the optional argument fd. If fd is absent, ‘2’ (standard error) is used.

The message argument can be either a quoted string, or an identifier.

If it is a quoted string, it is subject to backreference interpretation and variable expansion prior to being used.

For example (note the use of the line continuation character):

exit "\
    \r\nYou are not allowed to execute that command.\r\n\
    \r\nIf you think this is wrong, ask <foo@bar.com> for assistance.\r\n"

If message is an identifier, it must be the name of a predefined error message (see Error Messages). The corresponding message text will be printed. For example:

  exit nologin-message

If the identifier does not match any predefined error message name, an error of type ‘config-error’ is signaled and rush exits.

Exit actions are useful for writing trap rules, i.e. the rules that are intended to trap incorrect or prohibited command lines and to return customized reply messages in such cases. Consider the following rule:

rule git
  match $program ~ "^git-.+" && $1 ~ "^/sources/[^ ]+\.git$"
  set command =~ "s|.*|/usr/bin/git-shell -c \"&\"|"

It allows the client to use only those Git repositories that are located under the /sources directory (4). If a user tries to access a repository outside this root, the default error message is returned, saying ‘You are not permitted to execute this command’ (see usage-error). You can, however, provide a more convenient message in this case. To do so, place the following after the ‘git’ rule:

rule git-trap
  match $command ~ "^git-.+"
  exit "fatal: Use of this repository is prohibited."

This rule will trap all git invocations that do not match the ‘git’ rule.
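The following added example (not part of the Rush manual or its code) models how the ‘git’ and ‘git-trap’ rules above are evaluated in order, and why the trap must come after the rule it backs up. It assumes first-match evaluation, uses Python's re and shlex as stand-ins for Rush's regex matching and word splitting, and treats an unset positional variable as empty; the sample command lines are constructed.

```python
import re
import shlex

# Constructed model of the two rules from this section; not Rush's own parser.
GIT_RULE = {
    "name": "git",
    "match": [("program", r"^git-.+"), ("1", r"^/sources/[^ ]+\.git$")],
    # Models: set command =~ "s|.*|/usr/bin/git-shell -c \"&\"|"
    "action": ("run", '/usr/bin/git-shell -c "{command}"'),
}
GIT_TRAP = {
    "name": "git-trap",
    "match": [("command", r"^git-.+")],
    "action": ("exit", "fatal: Use of this repository is prohibited."),
}
# Default reply quoted in the text above (usage-error).
DEFAULT_DENIAL = "You are not permitted to execute this command"


def evaluate(rules, command):
    """Return (rule_name, kind, text) for the first rule whose conditions all match."""
    words = shlex.split(command)  # assumption: approximates Rush word splitting
    variables = {"command": command, "program": words[0] if words else ""}
    for index, word in enumerate(words):
        variables[str(index)] = word  # $0, $1, ...
    for rule in rules:
        if all(re.search(rx, variables.get(var, "")) for var, rx in rule["match"]):
            kind, text = rule["action"]
            return rule["name"], kind, text.format(command=command)
    # No rule matched: the client gets the default denial.
    return None, "exit", DEFAULT_DENIAL


if __name__ == "__main__":
    samples = [  # constructed command lines
        "git-upload-pack '/sources/app.git'",         # allowed repository
        "git-upload-pack '/home/alice/private.git'",  # outside /sources: trapped
        "ls -l /sources",                             # not git: default denial
    ]
    for cmd in samples:
        print(cmd, "->", evaluate([GIT_RULE, GIT_TRAP], cmd))
    # Misordered configuration: the trap shadows the 'git' rule entirely.
    print("misordered ->", evaluate([GIT_TRAP, GIT_RULE], samples[0]))
```

With the trap listed first, even the permitted repository is refused, which is the misconfiguration to check for when reviewing a rule file.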

Footnotes

(4) See git, for a better way to handle Git accesses.
