Section: Gnurush (8)
Updated: December 2010
Index Return to Main Contents


rush - a restricted user shell  


rush -c COMMAND
rush --test [FILE]
rush {-t | -u NAME} [-d NUM] [-C CHECKS] -c COMMAND [FILE]
rush {-v | -h | --usage}


GNU rush

is a restricted user shell (R-U-SH), designed for sites that provide only limited remote access to their resources. This could be Subversion or Git repositories, upload sites accessible only by Scp, or similar services.

Using a sophisticated configuration file, GNU rush gives the administrator complete control over the command lines that users are able to execute, as well as over the access to, and usage of, system resources. Commonly, virtual memory, CPU time, etcetera, are determined by this system wide configuration.

The normal use of rush is to execute a command, using the switch '-c'. With the sole exception of '-c', all other command line switches and options imply that rush is invoked in maintenance mode.

There is an optional argument FILE available in testing mode. Use it to select a configuration file other than the default configuration sought at /etc/rush.rc.  


Specify a command to run.
-C CHECKS | --security-check=CHECKS
Select security checks when testing a configuration file. The argument CHECKS is a white space separated list of keywords, with long synonyms:

all, link, owner,
iwgrp (groupwritablefile),
iwoth (worldwritablefile),
dir_iwgrp (groupwritabledir),
dir_iwoth (worldwritabledir).
-d NUM | --debug=NUM
Set debugging level.
Display the built-in default configuration. The packaged form of rush does not provide a built-in configuratation, it only accesses the system configuration file.
-t | --test | --lint
Run in test mode. In case also the option '-c' is specified, rush will emulate normal processing for the given command, but will not actually execute anything.
-u NAME | --user=NAME
Emulate shell access for the user NAME. The option '--test' is implied. The use of this option is allowed for root only, and in conjunction with the further option '-c'.
-v | --version
Display program version.
-h | --help
Display a short help message.
Display a concise usage summary.


Location of configuration file.
Default database directory, where the session history files utmp and wtmp are maintained.


The full documentation for GNU Rush is maintained as a Texinfo manual. If the info and rush programs were installed from source at your site, the command
info rush

should give you access to the complete manual.

An online manual is available at

The Debian package provides information in


with relevant examples, but cannot include the Texinfo manual.

See also rushlast(1) and rushwho(1).  


This text was written by Mats Erik Andersson for the Debian project, because the original source supplies a documentation only in the form of a GNU Texinfo manual. The upstream author licenses the manual under GFDL-1.3, so it had to be removed from the Debian packaging.