GNU Rush: Restricted User Shell
Sergey Poznyakoff
The include statement forces inclusion of the named file in that file location:
include file
If file starts with a tilde character followed by a slash (‘~/’), these two characters are replaced with the full path name of the current user’s home directory.
If file is a directory, that directory is searched for a file whose name coincides with the current user name. If such a file is found, it is included.
In any case, if the file named by file (after tilde expansion) does not exist, no error is reported, and parsing of the configuration file continues.
Before including the file, rush checks if it is secure, using the same rules as for the main configuration file (see security checks). The exact list of checks can be tuned using the include-security statement:
Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:
all
    Enable all checks.
owner
    The file is not owned by root.
iwgrp
groupwritablefile
    The file is group writable.
iwoth
worldwritablefile
    The file is world writable.
dir_iwgrp
groupwritabledir
    The file resides in a group writable directory.
dir_iwoth
worldwritabledir
    The file resides in a world writable directory.
link
    The file is a symbolic link to a file residing in a group or world writable directory.
Each of the above keywords may be prefixed by ‘no’, which reverses its meaning. The special keyword ‘none’ is synonymous with ‘noall’, i.e. it disables all checks. Each keyword adds a particular test to, or removes it from, the existing check list, which is initialized as described in security checks. Thus, the following statement results in all checks, except for the file ownership:
include-security noowner
In the example below, the check list is first cleared by using the noall keyword, and then a set of checks is added to it:
include-security noall owner iwoth iwgrp
The include-security statement is global, i.e. it affects all include statements appearing below it, up to the next include-security statement, or end of configuration file, whichever occurs first.
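The keyword handling and the file checks described above can be modelled in a short script for auditing per-user include files. This is an added example, not code from rush: the names apply_keywords and violations are hypothetical, the starting check list is supplied by the caller, and the checks approximate the descriptions on this page rather than rush's own implementation.

```python
import os
import stat

# Check names from the page; long aliases map to the short keyword.
CHECKS = {"owner", "iwgrp", "iwoth", "dir_iwgrp", "dir_iwoth", "link"}
ALIASES = {"groupwritablefile": "iwgrp", "worldwritablefile": "iwoth",
           "groupwritabledir": "dir_iwgrp", "worldwritabledir": "dir_iwoth"}

def apply_keywords(current, args):
    """Fold one include-security argument list into the current check set."""
    checks = set(current)
    for word in args.split():
        if word == "none":                  # 'none' is a synonym for 'noall'
            word = "noall"
        enable = not word.startswith("no")
        name = word if enable else word[2:]
        name = ALIASES.get(name, name)
        if name != "all" and name not in CHECKS:
            raise ValueError("unknown include-security keyword: " + word)
        selected = CHECKS if name == "all" else {name}
        checks = checks | selected if enable else checks - selected
    return checks

def violations(path, checks):
    """Return the sorted names of the enabled checks that `path` fails."""
    if not os.path.exists(path):            # a missing include file is not an error
        return []
    failed = set()
    st = os.stat(path)                      # follows symbolic links
    parent = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    if st.st_uid != 0:
        failed.add("owner")
    if st.st_mode & stat.S_IWGRP:
        failed.add("iwgrp")
    if st.st_mode & stat.S_IWOTH:
        failed.add("iwoth")
    if parent & stat.S_IWGRP:
        failed.add("dir_iwgrp")
    if parent & stat.S_IWOTH:
        failed.add("dir_iwoth")
    if os.path.islink(path):                # inspect the link target's directory
        target_dir = os.stat(os.path.dirname(os.path.realpath(path))).st_mode
        if target_dir & (stat.S_IWGRP | stat.S_IWOTH):
            failed.add("link")
    return sorted(failed & set(checks))

if __name__ == "__main__":
    active = apply_keywords(CHECKS, "noall owner iwoth iwgrp")
    print(sorted(active), violations(os.path.expanduser("~/.rush"), active))
```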
The include statement can appear anywhere in the configuration file, both within and outside of a rule.
This statement provides a convenient way for user-dependent rush configuration. For example, the following fall-through rule (see Fall-through) allows the administrator to keep each user’s configuration in a file named .rush, located in the user’s home directory:
rule user
  include ~/.rush
  fall-through
Of course, it is assumed that such a per-user file, if it exists, is writable only by the super-user and does not contain any rule statements.
The use of include files may be especially useful for per-user localization (see Localization). It suffices to provide a fall-through rule, similar to the one above, and to place a locale directive in ~/.rush files, according to the users’ preferences.
This document was generated on June 29, 2019 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.