rush(8) a restricted user shell

SYNOPSIS

rush -c COMMAND
rush --test [FILE]
rush {-t | -u NAME} [-d NUM] [-C CHECKS] -c COMMAND [FILE]
rush {-v | -h | --usage}

DESCRIPTION

GNU rush

is a restricted user shell (R-U-SH), designed for sites that provide only limited remote access to their resources. This could be Subversion or Git repositories, upload sites accessible only by Scp, or similar services.

Using a sophisticated configuration file, GNU rush gives the administrator complete control over the command lines that users are able to execute, as well as over the access to, and usage of, system resources. Commonly, virtual memory, CPU time, etcetera, are determined by this system wide configuration.

The normal use of rush is to execute a command, using the switch '-c'. With the sole exception of '-c', all other command line switches and options imply that rush is invoked in maintenance mode.

There is an optional argument FILE available in testing mode. Use it to select a configuration file other than the default configuration sought at /etc/rush.rc.

OPTIONS

-c COMMAND
Specify a command to run.
-C CHECKS | --security-check=CHECKS
Select security checks when testing a configuration file. The argument CHECKS is a white space separated list of keywords, with long synonyms:

all, link, owner,
iwgrp (groupwritablefile),
iwoth (worldwritablefile),
dir_iwgrp (groupwritabledir),
dir_iwoth (worldwritabledir).
-d NUM | --debug=NUM
Set debugging level.
--show-default
Display the built-in default configuration. The packaged form of rush does not provide a built-in configuratation, it only accesses the system configuration file.
-t | --test | --lint
Run in test mode. In case also the option '-c' is specified, rush will emulate normal processing for the given command, but will not actually execute anything.
-u NAME | --user=NAME
Emulate shell access for the user NAME. The option '--test' is implied. The use of this option is allowed for root only, and in conjunction with the further option '-c'.
-v | --version
Display program version.
-h | --help
Display a short help message.
--usage
Display a concise usage summary.

FILES

/etc/rush.rc
Location of configuration file.
/var/lib/rush
Default database directory, where the session history files utmp and wtmp are maintained.

AUTHOR

This text was written by Mats Erik Andersson for the Debian project, because the original source supplies a documentation only in the form of a GNU Texinfo manual. The upstream author licenses the manual under GFDL-1.3, so it had to be removed from the Debian packaging.

SEE ALSO

LAST SEARCHED