![[image of the Head of a GNU]](/graphics/gnu-head-sm.jpg)
|
|
GNU Rush |
Restricted User Shell |
Sergey Poznyakoff |
GNU Rush legacy configuration syntax (split by node): 
These statements define conditions that are evaluated when matching the rule against the request. A rule may contain any number of conditions. All conditions are tested in order of their appearance in the rule and are tied together using boolean shortcut ‘and’ evaluation: if any of them yields false, the rest is not evaluated and control is transferred to the subsequent rule.
True, if the current command line matches regular expression regex.
For example:
command ^scp (-v )?-t /incoming/(alpha|ftp)
By default, POSIX extended regular expressions are used.
This, however can be changed using regex statement (see Regex).
True, if nth word from the command line matches regular expression regexp. Notice, that square brackets form part of the statement syntax. The index n is normally a decimal number indicating position of the word in the command line (first word being at index 0). It can be negative, which means that the position is counted from the last word. Several special notations are also allowed, e.g. ‘$’ denotes the last word. For a detailed discussion of word-splitting alorithm and allowed notations of n, indexing.
Second argument regexp is a regular expression to match the word
against. Unless changed by previous regex statement
(see Regex), POSIX extended regular expression is assumed.
For example, the condition below yields true if the last argument is an absolute path name:
match[$] ^/.*
Compare the number of command line arguments to num. The comparison operator is given by op, which can be one of the following: ‘=’ (or ‘==’), ‘!=’, ‘<’, ‘<=’, ‘>’, ‘>=’.
For example, the following condition matches if the number of arguments is less than 3:
argc < 3
Compare current UID to user-id. The latter may be either a numeric UID or a name of an existing user.
The comparison operator is given by optional op, which can be one of the following: ‘=’ (‘==’), ‘!=’, ‘<’, ‘<=’, ‘>’, ‘>=’. If op is not given, equality (‘==’) is assumed.
Examples:
uid smith
Compare current GID to group-id, which is either a numeric value or a name of an existing group.
The comparison operator is given by op, which can be one of the following: ‘=’ (‘==’), ‘!=’, ‘<’, ‘<=’, ‘>’, ‘>=’. If op is not given, equality (‘==’) is assumed.
Argument is a whitespace-separated list of user names. This condition yields true, if the user name is listed in names. String comparisons are case-sensitive.
Argument is a whitespace-separated list of group names. This condition yields true, if the the name of any group the user is a member of is listed in names. String comparisons are case-sensitive.
For example, to match users from groups ‘admin’ and ‘root’:
group admin root
Each condition can be negated by placing exclamation sign between the condition keyword and expression. For example:
command ^scpTrue, if the command line begins with ‘scp’.
command ! ^scpTrue if the command line does not begin with ‘scp’.
GNU Rush legacy configuration syntax (split by node):
This document was generated on June 29, 2019 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.