Restricted User Shell
To give you a feel for what GNU Rush can do, consider the following configuration file rule:
rush 2.0

rule sftp
  # Matching condition
  match $uid >= 100 && $command ~ "^.*/sftp-server"
  # Actions:
  set [0] = "bin/sftp-server"
  umask 002
  chroot "~"
  chdir "/"
The first clause defines the version of the syntax this configuration uses. Each configuration must begin with this statement.
The rule statement defines a new rule. Its argument serves as a rule tag and is used for diagnostic messages and in
Lines beginning with ‘#’ are comments. They are intended for a human reader and are ignored by
The match statement defines the condition that must be met for this rule to become active. In this example it requires that the UID of the requesting user be greater than or equal to 100, and that the command line begin with ‘/sftp-server’, optionally preceded by arbitrary directory components.
Subsequent clauses define actions associated with this rule.
The set clause contains instructions on how to modify the first argument of the command line. Argument indices start at 0, so ‘[0]’ refers to the command name. The expression in our example instructs GNU Rush to replace it with ‘bin/sftp-server’.
The umask clause sets the file creation mask.
The chroot clause instructs GNU Rush to chroot to the user home directory before executing the command.
The chdir statement sets the directory to change to after installing the chroot.
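The rule's matching condition and actions, modeled in Python as an added example; this is not code from the GNU Rush manual or its source. Assumptions: shlex word splitting stands in for Rush's own command-line parsing, Python's re module for its regex matching, and ‘~’ is taken to be the home directory passed in; the function name, the Plan type and the sample requests are constructed.

```python
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Constructed model of the page's "sftp" rule; not GNU Rush source code.
MIN_UID = 100
COMMAND_RE = re.compile(r"^.*/sftp-server")  # same pattern as the rule

@dataclass
class Plan:
    argv: list   # argument vector after "set [0]"
    umask: int   # file creation mask
    chroot: str  # directory to chroot into ("~" expanded)
    chdir: str   # working directory inside the chroot

def apply_sftp_rule(uid: int, home: str, command: str) -> Optional[Plan]:
    """Return the execution plan if the rule matches, else None."""
    # match $uid >= 100 && $command ~ "^.*/sftp-server"
    if uid < MIN_UID or not COMMAND_RE.search(command):
        return None
    argv = shlex.split(command)   # assumption: shell-like word splitting
    argv[0] = "bin/sftp-server"   # set [0] = "bin/sftp-server"
    return Plan(argv=argv, umask=0o002, chroot=home, chdir="/")

# Constructed sample requests: (uid, home directory, requested command line)
SAMPLES = [
    (1000, "/home/alice", "/usr/lib/openssh/sftp-server"),
    (1000, "/home/alice", "/usr/lib/sftp-server -l INFO"),
    (1000, "/home/alice", "/opt/tools/sftp-server-wrapper --debug"),
    (0,    "/root",       "/usr/lib/openssh/sftp-server"),  # UID below 100
    (1000, "/home/alice", "sftp-server"),                   # no "/" before the name
    (1000, "/home/alice", "/bin/sh"),                       # different command
]

def evaluate(samples=SAMPLES):
    """Apply the modeled rule to every sample request."""
    return [apply_sftp_rule(uid, home, cmd) for uid, home, cmd in samples]

if __name__ == "__main__":
    for (uid, home, cmd), plan in zip(SAMPLES, evaluate()):
        print(f"uid={uid:<5} {cmd!r:42} ->", plan or "no match")
```

In this model the pattern has no end anchor, so the third sample matches as well; the command name is still rewritten to ‘bin/sftp-server’ while the remaining arguments are kept.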
This document was generated on January 2, 2022 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.