GNU Rush
Restricted User Shell
Sergey Poznyakoff
To give you the feel of GNU Rush possibilities, let’s consider the following configuration file rule:
    rush 2.0
    rule sftp
      # Matching condition
      match $uid >= 100 && $command ~ "^.*/sftp-server"
      # Actions:
      set [0] = "bin/sftp-server"
      umask 002
      chroot "~"
      chdir "/"
The first clause defines the version of the syntax this configuration uses. Each configuration must begin with this statement.
The next clause, rule, defines a new rule. Its argument (‘sftp’ in this example) serves as a rule tag and is used in diagnostic messages and in accounting.
Lines beginning with ‘#’ are comments; they are intended for a human reader and are ignored by rush.
The match statement defines the condition that must be met for this rule to become active. In this example it requires that the UID of the requesting user be greater than or equal to 100, and that the command line begin with ‘/sftp-server’, optionally preceded by arbitrary directory components.
Subsequent clauses define actions associated with this rule.
The set clause contains instructions on how to modify the first argument of the command line. Argument indices start at 0, so ‘[0]’ refers to the command name. The expression in our example instructs GNU Rush to replace it with ‘bin/sftp-server’.
The umask clause sets the file creation mask.
The chroot clause instructs GNU Rush to chroot to the user home directory before executing the command.
Finally, the chdir statement sets the directory to change to after installing the chroot.
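As an added illustration (not code from the GNU Rush manual or its sources), the following Python model evaluates the rule above against a request the way the text describes it: the uid and command-line test, the rewrite of argument 0, and the resulting umask, chroot and chdir. The request fields, the dictionary layout and the names used here are assumptions of this example, not rush's own API.

```python
import re
import shlex

# Constructed transcription of the manual's example rule (not read from a file).
RULE = {
    "tag": "sftp",
    "min_uid": 100,
    "command_re": re.compile(r"^.*/sftp-server"),   # $command ~ "^.*/sftp-server"
    "set_argv0": "bin/sftp-server",                 # set [0] = "bin/sftp-server"
    "umask": 0o002,                                 # umask 002
    "chroot": "~",                                  # chroot "~"
    "chdir": "/",                                   # chdir "/"
}

def evaluate_rule(rule, uid, command, home):
    """Return what the rule would do for one request, or None if it does not match.

    `uid` and `command` describe the requesting user and the full command line
    they supplied; `home` is that user's home directory, used to expand "~".
    """
    # match $uid >= 100 && $command ~ "^.*/sftp-server"
    # `^` anchors at the start of the string; nothing anchors the end, so the
    # path may be followed by further arguments.
    if uid < rule["min_uid"] or not rule["command_re"].search(command):
        return None
    argv = shlex.split(command)
    # set [0] rewrites only the command name. Whatever path the client
    # supplied is discarded here; the remaining arguments are kept.
    argv[0] = rule["set_argv0"]
    # chroot "~" means the user's home directory becomes the new root.
    chroot_dir = home if rule["chroot"] == "~" else rule["chroot"]
    return {
        "tag": rule["tag"],
        "argv": argv,
        "umask": rule["umask"],
        "chroot": chroot_dir,
        "chdir": rule["chdir"],   # applied after the chroot, so "/" is the new root
    }

if __name__ == "__main__":
    print(evaluate_rule(RULE, 1000, "/usr/lib/openssh/sftp-server", "/home/alice"))
    print(evaluate_rule(RULE, 50, "/usr/lib/openssh/sftp-server", "/root"))
```

Because argument 0 is replaced unconditionally, the path in the client's command line only decides whether the rule matches; the binary that runs is always ‘bin/sftp-server’ inside the chroot.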
This document was generated on January 2, 2022 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.