I am pleased to announce the release of GNU Rush version 1.6. GNU Rush is a restricted user shell, designed for sites providing limited remote access to their resources, such as, for example, Savannah.gnu.org. It is set as a user login shell for users that are allowed remote execution of commands on the machine. Using a flexible configuration file, GNU Rush gives the system administrator complete control over the command lines that users execute, and allows imposing limits on the usage of system resources, such as virtual memory, CPU time, etc. on a per-user basis.
For more information on GNU Rush, visit http://www.gnu.org/software/rush. See below for a list of user-visible changes.

Here are the compressed sources:
  ftp://ftp.gnu.org/gnu/rush/rush-1.6.tar.gz   (768KB)

Here are the GPG detached signatures[*]:
  ftp://ftp.gnu.org/gnu/rush/rush-1.6.tar.gz.sig

Here are the MD5 and SHA1 checksums:

  32087472928220d0009fd65670d42741  rush-1.6.tar.gz
  de211adabed3eb4b39d111b6bfc86d6b55482d28  rush-1.6.tar.gz

[*] You can use either of the above signature files to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this:

  gpg --verify rush-1.6.tar.gz.sig

If that command fails because you don't have the required public key, then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 55D0C732

and rerun the `gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.61
  Automake 1.10.1
  Gnulib-tool 0.0.1577-5313a

List of user-visible changes follows:

* Patterns in `transform' statement

The syntax of the `transform' statement has been extended to allow for specifying transformation argument string:

  transform STRING REGEX

or

  transform[N] STRING REGEX

STRING may contain meta-variables, which are expanded before performing the transformation. The following meta-variables are defined:

  ${user}      User name
  ${group}     Name of the user's principal group
  ${uid}       UID
  ${gid}       GID
  ${home}      User's home directory
  ${gecos}     User's GECOS field
  ${program}   Program name
  ${command}   Full command line
  $0 to $9     The value of the Nth command line argument
  ${N}         Same as above, useful if N > 9 or N < 0 (see "Negative argument indexes", below).

Thus, for example:

  transform[0] s,.*/,/bin/,

is equivalent to:

  transform[0] $0 s,.*/,/bin/,

* The `map' statement.

This statement sets a command line argument using a map file.
  map[N] FILE DELIM KEY K V [DEFAULT]

Each line in a map file FILE contains fields, separated by delimiter DELIM. The `map' statement looks for the record whose Kth field has the value of KEY. If such a record is found, its Vth field becomes a new value of the Nth command line argument. Otherwise, if DEFAULT is given, it is used as a new value. Otherwise, the argument retains its old value.

KEY may contain meta-variables described above (see "Patterns in `transform' statement").

* The `set' statement.

The `set' statement replaces entire command line with the new value:

  rule foo
    set /bin/scp -t /upload

In indexed form, it replaces the given argument:

  set[0] /bin/scp

The argument to `set' may contain meta-variables (see "Patterns in `transform' statement").

* The `delete' statement.

This statement deletes the given argument, or range of arguments, from the command line. It has two forms:

1. Delete the Nth argument:

     delete[N]

2. Delete all arguments between indexes N and M, inclusive:

     delete N M

* Modifying program name

To modify the program name (as opposed to argv[0]), use ^ pseudo-index, e.g.:

  set[^] /bin/scp

By default (unless [^] form is used) argv[0] is used as the program name.

* Negative argument indexes

Negative argument indexes refer to arguments numbered from the end of the command line. E.g.:

  transform[-1]   is the same as transform[$]
  transform[-2]   will transform the last but one argument

* New statement `interactive'

This statement provides a replacement command line for the interactive use of rush. By default, such use is prohibited. However, using `interactive' statement you can allow some users a limited interactive access. For example:

  interactive *shell*

  rule login
    command \*shell\*
    group rshell
    map[^] /usr/local/etc/rush.shell : ${user} 1 2 none
    transform[0] ${program} s,^.*/,-r,

* Use of predefined error messages in `exit' statement.

Predefined error messages can be used in `exit' statements.
E.g., the statement:

  exit @nologin-message

will retrieve the text of the `nologin-message' and send it to the remote party before exiting. If the message text must begin with a `@' sign, duplicate it:

  exit @@special error message

Regards,
Sergey
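
The lookup that the `map' statement performs in the `interactive' example above, as an added Python model (not code from GNU Rush or from this announcement); it shows what the program name becomes for a listed user, for an unlisted user with DEFAULT, and for an unlisted user without it. Assumptions: K and V count fields from 1 (as the example's "1 2" suggests), the map file holds user:shell records, records too short to have both fields are skipped, statements apply in order, and all function names and sample records are hypothetical.

```python
import re

def expand(text, meta):
    """Expand ${name} meta-variables; unknown names are left as written."""
    return re.sub(r"\$\{(\w+)\}",
                  lambda m: str(meta.get(m.group(1), m.group(0))), text)

def map_lookup(lines, delim, key, k, v, default=None, old=None, meta=None):
    """Model of `map[N] FILE DELIM KEY K V [DEFAULT]'.

    Returns field V of the first record whose field K equals the expanded KEY,
    else DEFAULT if one was given, else the argument's old value.
    """
    wanted = expand(key, meta or {})
    for line in lines:
        fields = line.rstrip("\n").split(delim)
        # Assumption: a record lacking field K or V cannot match.
        if len(fields) >= max(k, v) and fields[k - 1] == wanted:
            return fields[v - 1]
    return default if default is not None else old

def transform_argv0(program):
    """Python equivalent of applying s,^.*/,-r, to ${program}."""
    return re.sub(r"^.*/", "-r", program, count=1)

# Constructed sample standing in for /usr/local/etc/rush.shell
SAMPLE_MAP = [
    "alice:/bin/bash\n",
    "bob:/bin/ksh\n",
    "broken-record-without-delimiter\n",
]

def resolve_login(user, default="none"):
    """Apply the example's map[^] and transform[0] lines for one user.

    The old program name is "*shell*", the command line that
    `interactive *shell*' substitutes for an interactive login.
    """
    program = map_lookup(SAMPLE_MAP, ":", "${user}", 1, 2,
                         default=default, old="*shell*", meta={"user": user})
    return program, transform_argv0(program)

if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        print(user, resolve_login(user))
    # Without DEFAULT the unlisted user's argument keeps its old value.
    print("mallory, no DEFAULT:", resolve_login("mallory", default=None))
```

When the old value of the mapped argument comes from the remote user rather than from `interactive', omitting DEFAULT leaves that user-supplied value in place for anyone missing from the map file.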