GNU Rush |
|
Restricted User Shell |
Sergey Poznyakoff |
Simple expressions can be combined into complex conditions using boolean operators:
‘||’ | Disjunction (or) |
‘&&’ | Conjunction (and) |
‘!’ | Negation |
Arguments to these operators can be either simple expressions or another boolean expressions. The operators in the table above are ordered by their precedence. As in most programming languages, parentheses can be used to enforce the desired order of evaluation.
Both binary operators implement shortcut evaluation.
For example, the following rule will match if the command name contains ‘git-receive-pack’ or ‘git-upload-pack’ and either the UID is 100 or the user is a member of the group ‘git’:
rule match $0 ~ "git-(receive|upload)-pack" && \ ($uid == 100 || group "git")
Notice the use of parentheses to enforce proper evaluation order. The ‘&&’ operator has higher priority than ‘||’. Without parentheses the rule would match if either the command name matched the regexp and the user ID was 100, or if the user was a member of the ‘git’ group, no matter what command was issued.
This document was generated on January 2, 2022 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.