GNU Rush – a restricted user shell (split by node):   Section:   Chapter:FastBack: Configuration File   Up: Rule   FastForward: Default Configuration   Contents: Table of ContentsIndex: Concept Index

4.4.5 Transformations

Transformations are special actions that modify entire command line or particular arguments from it (positional variables).

Statements that modify variable have been described in the previous section: these are set, insert, unset, remopt, delete and map statements. When set or map is applied to the ‘command’ variable, it modifies entire command line. When these statements are applied to an index (‘[n]’), they modify the corresponding positional variable (argument). This subsection discusses the implications of modifying these variable and illustrates them with some examples.

Positional variables and the $command request variable are mutually dependent. If the $command is modified, the word splitting is applied to it and resulting words are assigned to the positional variables. Similarly, any modifications to positional variables trigger rebuilding of the $command variable from the modified arguments. See Modifying variables, for more detail on it.

Let’s consider several examples.

  1. Echo the command line 
    rule
  set command = "/bin/echo $command"
  2. Remove all occurrences of -r option and its arguments from the command line, and then adds its own -r option and replaces ‘svnserve’ with the full program file name.

    There are at least three different ways to do so.

    1. The recommended approach is to use the remopt and insert statements, as shown below: 
      rule svn
  match $command ~ "^svnserve -t"
  set program = "/usr/bin/svnserve"
  remopt r:
  insert [1] = "-r"
  insert [2] = "/svnroot"
    2. The same can be achieved using regular expressions. This was the default in versions of rush prior to 2.0: 
      rule svn
  match $command ~ "^svnserve -t"
  set command =~ "s/-r *[^ ]*//"
  set command =~ \
      "s|^svnserve |/usr/bin/svnserve -r /svnroot |"

      Notice the use of ‘|’ as a delimiter in s-command, in order to avoid escaping each ‘/’ in the pathname. Without it, the expression in the second set command will be 

      "s/^svnserve /\\/usr\\/bin\\/svnserve -r \\/svnroot /"
    3. The same rule, rewritten using the single set statement: 
      rule svn
  match $command ~ "^svnserve -t"
  set command =~ "s|-r *[^ ]*||;\
         s|^svnserve |/usr/bin/svnserve -r /svnroot |"
  3. Override the executable program name. 
    rule cvs
  match $command ~ "^cvs server"
  set [0] = /usr/bin/cvs

GNU Rush – a restricted user shell (split by node):   Section:   Chapter:FastBack: Configuration File   Up: Rule   FastForward: Default Configuration   Contents: Table of ContentsIndex: Concept Index

This document was generated on January 2, 2022 using makeinfo.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.