Provided by: rush_2.4-1_amd64 
NAME
rush - restricted user shell
SYNOPSIS
rush [-htTx] [-C CHECK] [-D ATTR[,ATTR...]] [-c COMMAND] [-d NUMBER] [-i] [-u USER] [--debug NUMBER]
[--dump=ATTR[,ATTR...]] [--help] [--show-default] [--trace] [--usage] [--version] [FILE]
NOTE
This manpage is a short description of GNU rush. For a detailed discussion, including examples and usage
recommendations, refer to the manual GNU Rush -- a restricted user shell, available in texinfo format.
If the info reader and the rush documentation are properly installed on your system, the command
info rush
should give you access to the complete manual.
You can also view the manual using the info mode in emacs(1), or find it in various formats online at
http://www.gnu.org.ua/software/rush/manual
If any discrepancies occur between this manpage and the Manual, the later shall be considered the
authoritative source.
DESCRIPTION
GNU rush is a restricted user shell, designed for sites that provide limited remote access to their
resources, such as svn or git repositories, scp, or the like.
Upon startup rush analyzes its command line and examines the set of configuration rules to determine what
kind of access the user is to be granted.
OPTIONS
-c COMMAND
Execute COMMAND.
-C, --security-check=CHECK
Add or remove configuration security check. The argument is one of the following:
all Enable all checks.
owner Check if the file is owned by root.
iwgrp, groupwritablefile
Check if the file is not group writable.
iwoth, worldwritablefile
Check if the file is not world writable.
dir_iwgrp, groupwritabledir
Check if the directory where the file resides is not group writable.
dir_iwoth, worldwritabledir
Check if the directory where the file resides is not world writable.
link Check if the file is not a symbolic link to a file residing in a group or world writable
directory.
-d, --debug=NUMBER
Set debugging level. The greater is the NUMBER, the more verbose is the logging. The debugging
information is reported via syslog(3) using authpriv, priority debug. Maximum meaningful value
for NUMBER is 3.
-D, --dump=ATTR[,ATTR...]
Request dump mode. Arguments are the names of the attributes to be dumped, or the word all
standing for all attributes. Refer to the GNU Rush manual for a detailed description.
-i Emulate interactive access. Use this option to test whether and how does your configuration allow
interactive access.
--show-default
Show default configuration.
-t, --test, --lint
Run in test mode. When this option is given, the following occurs:
1. All diagnostic messages are redirected to standard error, instead of syslog.
2. If a single non-option argument is present, it is taken as a name of the configuration file
to use.
3. The configuration file is parsed. If parsing fails, the program exits with the code 1.
4. If the -c option is present, rush processes its argument as usual, except that the command
itself is not executed.
-T Test scanner mode. This option is used by the rush testsuite.
-u, --user=NAME
Supplies user name for use with --test.
-x, --trace
Print parser traces. When used twice, print lexical scanner traces as well. This option is
intended for debugging.
SEE ALSO
rush.rc(5), rushlast(1), rushwho(1).
AUTHORS
Sergey Poznyakoff
BUG REPORTS
Report bugs to <bug-rush@gnu.org.ua>.
COPYRIGHT
Copyright © 2016-2019 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent
permitted by law.
RUSH May 15, 2019 RUSH(8)