GNU Rush: Restricted User Shell
Sergey Poznyakoff
include-security statement
Additional configuration can be included in the main configuration file using the include statement (see Include). Before inclusion, a number of checks are performed on the file to ensure that it is safe to rely on. These checks are configured using the following statement:
Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:
Enable all checks.
The file is not owned by root.
The file is group writable.
The file is world writable.
The file resides in a group writable directory.
The file resides in a world writable directory.
The file is a symbolic link to a file residing in a group or world writable directory.
Each of the above keywords may be prefixed by ‘no’, which reverses its meaning. The special keyword ‘none’ disables all checks. Each keyword adds or removes a particular test to the existing check list, which is initialized as described in security checks. Thus, the following statement results in all checks, except for the file ownership:
global include-security noowner
In the example below, the check list is first cleared by using the ‘none’ statement, and then a set of checks is added to it:
global include-security none owner iwoth iwgrp
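To see which of the conditions listed above an include file would trip before it is referenced from the main configuration, the following Python script tests the same conditions with stat. It is an added example, not part of the Rush manual or source; the function name, the result labels and the trusted_uid parameter are assumptions of this example, as is the choice to read file permissions through a symbolic link to its target.

```python
import os
import stat
import sys


def audit_include(path, trusted_uid=0):
    """Return labels (this example's own wording) for each condition
    from the list above that `path` meets. Empty list means clean."""
    failed = []

    # os.stat follows symlinks, so these are the real file's attributes
    # (assumption of this example).
    st = os.stat(path)
    if st.st_uid != trusted_uid:
        failed.append("not owned by root")
    if st.st_mode & stat.S_IWGRP:
        failed.append("file group writable")
    if st.st_mode & stat.S_IWOTH:
        failed.append("file world writable")

    # Directory that holds the name being included (symlink not resolved).
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWGRP:
        failed.append("directory group writable")
    if parent.st_mode & stat.S_IWOTH:
        failed.append("directory world writable")

    # For a symlink, also inspect the directory where the target lives.
    if os.path.islink(path):
        target_dir = os.stat(os.path.dirname(os.path.realpath(path)))
        if target_dir.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            failed.append("symlink into group or world writable directory")

    return failed


if __name__ == "__main__":
    for name in sys.argv[1:]:
        problems = audit_include(name)
        print(f"{name}: {'; '.join(problems) if problems else 'ok'}")
```

Run it with the include file names as arguments; a file that prints anything other than "ok" meets at least one of the conditions that include-security can test for.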
This document was generated on January 2, 2022 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.