Linux repositories inspector


August 20, 2016


restricted user shell


rush - restricted user shell


[-D ATTR[,ATTR...]]
[-u USER]
[--debug NUMBER]


This manpage is a short description of GNU rush. For a detailed discussion, including examples and usage recommendations, refer to the manual GNU Rush -- a restricted user shell, available in texinfo format. If the info reader and the rush documentation are properly installed on your system, the command
info rush
should give you access to the complete manual.
You can also view the manual using the info mode in emacs(1), or find it in various formats online at
If any discrepancies occur between this manpage and the Manual, the later shall be considered the authoritative source.


GNU rush is a restricted user shell, designed for sites that provide limited remote access to their resources, such as svn or git repositories, scp, or the like.
Upon startup rush analyzes its command line and examines the set of configuration rules to determine what kind of access the user is to be granted.


-d, --debug=NUMBER
Set debugging level. The greater is the NUMBER, the more verbose is the logging. The debugging information is reported via syslog(3) using authpriv, priority debug. Maximum meaningful value for NUMBER is 3.
-D, --dump=ATTR[,ATTR...]
Request dump mode. Arguments are the names of the attributes to be dumped, or the word all standing for all attributes. Refer to the GNU Rush manual for a detailed description.
-t, --test, --lint
Run in test mode. When this option is given, the following occurs:
0step]. All diagnostic messages are redirected to standard error, instead of syslog.
0[step]. If a single non-option argument is present, it is taken as a name of the configuration file to use.
0[step]. The configuration file is parsed. If parsing fails, the program exits with the code 1.
0[step]. If the -c option is present, rush processes its argument as usual, except that the command itself is not executed.
-u, --user=NAME
Supplies user name for use with --test.
Execute COMMAND.
-C, --security-check=CHECK
Add or remove configuration security check. The argument is one of the following:
all Enable all checks.
owner Check if the file is owned by root.
iwgrp, groupwritablefile
Check if the file is not group writable.
iwoth, worldwritablefile
Check if the file is not world writable.
dir_iwgrp, groupwritabledir
Check if the directory where the file resides is not group writable.
dir_iwoth, worldwritabledir
Check if the directory where the file resides is not world writable.
link Check if the file is not a symbolic link to a file residing in a group or world writable directory.
-i Emulate interactive access. Use this option to test whether and how does your configuration allow interactive access.
Show default configuration.


Sergey Poznyakoff


Report bugs to <>.


Copyright © 2016 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
⇧ Top