![[image of the Head of a GNU]](/graphics/gnu-head-sm.jpg)
|
|
GNU Rush |
Restricted User Shell |
Sergey Poznyakoff |
GNU Rush – a restricted user shell (split by chapter): 
Rush accounting database is stored in the directory
localstatedir/rush, where localstatedir stands for
the name of the local state directory, defined at compile time. By
default, it is prefix/var, where prefix is the
installation prefix, which defaults to /usr/local. Thus, the
default database directory is /usr/local/var/rush. You can
change this default using the --localstatedir option to
configure before compiling the package. The
--prefix option affects it as well.
As of version 2.2, the database consists of two files, called utmp and wtmp. The wtmp file keeps information about all user sessions, both finished and still active. The utmp file contains indices to those records in wtmp, which represent active sessions.
The wtmp grows continuously, while utmp normally
grows the first day or two after enabling accounting mode, and from then on
its size remains without changes. If you set up log file rotation,
e.g. by using logrotate (see logrotate in logrotate man page), or a similar tool, it is safe to rotate
wtmp without notifying rush. The only requirement is
to truncate utmp to zero size after rotating wtmp, as
shown in the following logrotate.conf snippet:
/var/run/rush/wtmp {
monthly
create 0640 root svusers
postrotate
cat /dev/null > /var/run/rush/utmp
endscript
}
Accounting files are owned by ‘root’ and normally are accessible only to the owner (file mode ‘600’). You may change the default permissions using the following global configuration file statements:
Set umask used when accessing accounting database files. Default value is ‘022’.
Set mode bits for the accounting directory. The mode argument is the mode in octal.
Set mode bits for wtmp and utmp files.
Notice, that these statements affect file and directory modes only
when the corresponding file or directory is created. Rush
will not change modes of the existing files.
The following sections contain a detailed description of the structure of these two files. You may skip them, if you are not interested in technical details.
The wtmp file consists of variable-size entries. It is designed so that it can easily be read in both directions.
Each record begins with a fixed-size header, which is followed by
three zero-terminated strings, and the record size in size_t
representation. The three strings are, in that order: the user login
name, the rule tag, and the full command line.
The header has the following structure:
struct rush_wtmp {
size_t reclen;
pid_t pid;
struct timeval start;
struct timeval stop;
char *unused[3];
};
where:
reclenis the length of the entire record, including the size of this header. This field is duplicated at the end of the record.
pidis the PID of the command executed for the user.
startrepresents the time of the beginning of the user session.
stoprepresents the time when the user session finished. If the session is still running, this field is filled with zeros.
unusedThe three pointers at the end of the structure are used internally by
rush. On disk, these fields are always filled with zeros.
The utmp file consists of a fixed-size records of the following structure:
struct rush_utmp {
int status;
off_t offset;
};
The fields have the following meaning:
statusStatus of the record: ‘0’ if the record is unused, and ‘1’ if it represents an active session.
offsetOffset of the corresponding record in wtmp (see previous section).
GNU Rush – a restricted user shell (split by chapter):
This document was generated on January 2, 2022 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.