Restricted User Shell
include statement forces inclusion of the named file in
that file location:
Include file file
If file starts with a tilde character, followed by a slash (‘~/’), these two characters are replaced with the full path name of current user’s home directory.
If file is a directory, that directory is searched for a file whose name coincides with the current user name. If such a file is found, it is included.
In any case, if the file named by file (after tilde expansion) does not exist, no error is reported, and parsing of the configuration file continues.
Before including the file,
rush checks if it is secure, using
the same rules as for the main configuration file (see security checks). The exact list of checks can be tuned using the
Configure the security checks for include files. This statement takes a list of arguments, separated by white space. The following arguments are recognized:
Enable all checks.
The file is not owned by root.
The file is group writable.
The file is world writable.
The file resides in a group writable directory.
The file resides in a world writable directory.
The file is a symbolic link to a file residing in a group or world writable directory.
Each of the above keywords may be prefixed by ‘no’, which reverses its meaning. The special keyword ‘none’ is synonymous to ‘noall’, i.e. it disables all checks. Each keyword adds or removes a particular test to the existing check list, which is initialized as described in security checks. Thus, the foll owning statement results in all checks, except for the file ownership:
In the example below, the check list is first cleared by using the
noall statement, and then a set of checks is added to it:
include-security noall owner iwoth iwgrp
include-security statement is global, i.e. it affects all
include statements appearing below it, up to the next
include-security statement, or end of configuration file,
whichever occurs first.
include statement can appear in any place of the
configuration file, both within or outside of a rule.
This statement provides a convenient way for user-dependent
rush configuration. For example, the following fall-through
rule (see Fall-through) allows the administrator to keep each
user’s configuration in a file named .rush, located in the
user’s home directory:
rule user include ~/.rush fall-through
Of course, it is supposed that such a per-user file, if it exists, is
writable only for super-user and does not contain any
The use of include files may be especially useful for per-user
localization (see Localization). It suffices to provide a
fall-through rule, similar to the one above, and to place a
locale directive in ~/.rush files, according to the
This document was generated on June 29, 2019 using makeinfo.Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.