GNU Rush
	Restricted User Shell	Sergey Poznyakoff

• Main
• Downloads
• Documentation

4.3 The global statement

The global statement defines global settings. The syntax is:

  global
    stmt1
    stmt2
    ...

where dots represent any number of statements. The following subsections discuss the statements that can be used within a global block.

4.3.1 Expansion control

The following statement controls the behavior of rush when an undefined variable is expanded (see Variable expansion).

global: expand-undefined bool

If bool is ‘true’, expand undefined variables to empty value. If it is ‘false’ (the default), issue an error and abort.

The following values can be used as synonyms for ‘true’: ‘yes’, ‘on’, ‘t’, ‘1’.

The following values can be used as synonyms for ‘false’: ‘no’, ‘off’, ‘nil’, ‘0’.

See handling of undefined variables, for a detailed discussion of how rush processes undefined variables and for the recommended techniques of handling them.

4.3.2 Debugging

The debug global statement sets the debugging level – an integer value that controls the verbosity of rush:

global: debug num

Set debugging level to num.

The greater num is, the more verbose is the logging. The debugging information is reported via syslog at facility ‘authpriv’, priority ‘debug’. As of version 2.2, the following debugging levels are supported:

1

A minimum debugging level, and the only one whose messages are logged using the priority ‘notice’. At this level, rush only logs requests and rules selected to handle them. For example:

rush[16821]: Serving request "/usr/libexec/sftp-server"
for sergiusz by rule sftp-savane

2

List all actions executed when serving requests.

3

When parsing a legacy configuration file, verbosely describe parsing process.

More debugging levels may be implemented in future.

4.3.3 The sleep-time statement

global: sleep-time num

Set the time to sleep before exiting on error, in seconds. This statement is intended as a measure against brute-force attacks. Default sleep time is 5 seconds.

4.3.4 Error Messages

global: message class text

Define a textual message which is returned to the remote party if an error of the given class occurs.

Valid values for class are:

usage-error

This error is reported when rush has been invoked improperly. The default text is:

You are not permitted to execute this command.

nologin-error

Define a textual message which is returned to the remote user if there is no such user name in the password database.

Default is:

You do not have interactive login access to this machine.

config-error

Define a textual message which is returned to the remote party if the rush configuration file contains errors.

Default is:

Local configuration error occurred.

system-error

Define a textual message which is returned to the remote party if a system error occurs.

Default message is:

A system error occurred while attempting to execute command.

4.3.5 The regexp statement

The regexp statement configures the flavor of regular expressions for use by subsequent match, set, and insert statements.

global: regexp flags ...

Configure the type of regular expressions.

Each flag is a word specifying some regular expression feature. It can be preceded by ‘+’ to enable this feature (this is the default), or by ‘-’ to disable it. Valid flags are:

‘extended’

Use POSIX Extended Regular Expression syntax when interpreting regex. This is the default.

‘basic’

Use basic regular expressions. Equivalent to ‘-extended’.

‘icase’

‘ignore-case’

Do not differentiate case. Subsequent regex matches will be case insensitive.

For example, the following statement enables POSIX extended, case insensitive matching:

global
  regex +extended +icase

4.3.6 The include-security statement

Additional configuration can be included to the main configuration file using the include statement (see Include). Before inclusion, a number of checks is performed on the file to ensure it is safe to rely on it. These checks are configured using the following statement:

global: include-security list

Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:

all

Enable all checks.

owner

The file is not owned by root.

iwgrp

groupwritablefile

The file is group writable.

iwoth

worldwritablefile

The file is world writable.

dir_iwgrp

groupwritabledir

The file resides in a group writable directory.

dir_iwoth

worldwritabledir

The file resides in a world writable directory.

link

The file is a symbolic link to a file residing in a group or world writable directory.

Each of the above keywords may be prefixed by ‘no’, which reverses its meaning. The special keyword ‘none’ disables all checks. Each keyword adds or removes a particular test to the existing check list, which is initialized as described in security checks. Thus, the following statement results in all checks, except for the file ownership:

global
  include-security noowner

In the example below, the check list is first cleared by using the none statement, and then a set of checks is added to it:

global
  include-security none owner iwoth iwgrp

4.3.7 Accounting control statements

The following global statements control file mode and permissions of the accounting database files. For a detailed description of this feature, See Accounting Database.

global: acct-umask mask

Set umask used when accessing accounting database files. Default value is ‘022’.

global: acct-dir-mode mode

Set mode bits for the accounting directory. The mode argument is the mode in octal.

global: acct-file-mode mode

Set mode bits for the wtmp and utmp files.