
NAME

       /etc/rssh.conf - configuration file for rssh

OVERVIEW

       rssh.conf  is  the  configuration  file for rssh.  It allows the system
       administrator to control the  behavior  of  the  shell.   Configuration
       keywords  are  either  used  by themselves on a line, or followed by an
       equal sign (’=’) and a configuration value.  Comments start with a hash
       (’#’)  and  can  occur anywhere on the line.  Configuration options are
       case insensitive. Spaces at the beginning or end of  line,  or  between
       the  equal  sign  and the configuration keywords or values are ignored.
       If the value of a configuration option contains spaces, it (or at least
       the space) must be enclosed in either single or double quotes.

       A  default  configuration file is provided with the source distribution
       of rssh.  If no configuration file is used, rssh will assume a  default
       umask  of  022,  and  allow only scp.  If a config file is present, the
       default is to lock  out  users  if  neither  scp  nor  sftp  have  been
       explicitly allowed.

       New  in  v2.1  is the ability to configure options on a per-user basis,
       using the user keyword.  More details are below.

CONFIGURATION KEYWORDS

       allowscp
              Tells the shell that scp is allowed.

       allowsftp
              Tells the shell that sftp is allowed.

       allowcvs
              Tells the shell that cvs is allowed.

       allowrdist
              Tells the shell that rdist is allowed.

       allowrsync
              Tells the shell that rsync is allowed.

       allowsvnserve
              Tells the shell that svnserve is allowed.

       umask
              Sets the umask value for file creations in the scp/sftp session.
              This  is  normally  set  at  login time by the user’s shell.  In
              order not to use the system default, rssh must set the umask.

       logfacility
              Allows the system administrator to control what syslog  facility
              rssh  logs  to.   The  facilities  are the same as those used by
              syslogd.conf(5), or the C macros for the facilities can be  used
              instead.  For example:

              logfacility=user
              logfacility=LOG_USER

              are  equivalent,  and  tell  rssh  to  use the user facility for
              logging to syslog.

       chrootpath
              Causes rssh (actually a helper program)  to  call  the  chroot()
              system  call,  changing  the root of the file system to whatever
              directory is specified.  Note that the value on the  right  hand
              side  of  the  equal  sign  is  the  name  of a directory, not a
              command.  For example:

              chrootpath=/usr/chroot

              will change the root of the virtual file system to /usr/chroot,
              preventing the user from accessing anything outside /usr/chroot
              in the file system, and making /usr/chroot appear to be the
              root directory.  Care must be taken to set up a proper chroot
              jail; see the file CHROOT in the rssh source distribution for
              hints about how to do this.  See also the chroot(2) man page.

              If the user’s home directory (as specified  in  /etc/passwd)  is
              underneath  the  path  specified  by this keyword, then the user
              will be chdir’d into their home directory.  If it is  not,  then
              they will be chdir’d to the root of the chroot jail.

              In  other  words,  if  the jail is /chroot, and your user’s home
              directory is  /chroot/home/user,  then  once  rssh_chroot_helper
              changes  the  root  of  the  system,  it will cd into /home/user
              inside the jail.  However, if  your  user’s  home  directory  is
              given  as /home/user in /etc/passwd, then even if that directory
              exists in the jail, the chroot helper will not try to cd  there.
              The  user’s  normal home directory must live inside the jail for
              this to work.

       user
              The user keyword allows for the configuration of  options  on  a
              per-user  basis.   THIS KEYWORD OVERRIDES ALL OTHER KEYWORDS FOR
              THE SPECIFIED USER.  That is, if you use a user keyword for user
              foo,  then foo will use only the settings in that user line, and
              not any of the settings set with the keywords above.   The  user
              keyword’s  argument consists of a group of fields separated by a
              colon (’:’), as shown below.  The fields are, in order:

              username
                     The username of the user  for  whom  the  entry  provides
                     options
              umask
                     The  umask  for  this user, in octal, just as it would be
                     specified to the shell
              access bits
                     Six binary digits, which indicate  whether  the  user  is
                     allowed to use rsync, rdist, cvs, sftp, scp and svnserve,
                     in that order.  One means the command  is  allowed,  zero
                     means it is not.
              path
                     The directory to which this user should be chrooted (this
                     is not a command, it is a directory name).  See
                     chrootpath above for complete details.

              For example, you might have something like this:

              user = luser:022:000010:

              This does the following: for the user with the username "luser",
              set the umask to 022, disallow sftp,  and  allow  scp.   Because
              there  is  no  chroot  path  specified,  the  user  will  not be
              chrooted, regardless of default options set  with  the  keywords
              above.   If  you wanted this user to be chrooted, you would need
              to specify the chroot path explicitly, even if it should be  the
              same as that set using the chrootpath keyword.  Remember that if
              there are spaces in the path, you need to  quote  it,  something
              like this:

              user = "luser:022:000010:/usr/local/chroot dir"

              See the default rssh.conf file for more examples.
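
              The following audit sketch is an added example, not part of
              rssh or its documentation.  It parses a configuration using the
              rules above (approximating the quoting rules with Python's
              shlex) and reports users whose user line drops the global
              chrootpath.  The sample file and the "backup" user are
              constructed.

```python
import shlex

# Order of the six access bits in a "user" line, as listed above.
ACCESS_ORDER = ("rsync", "rdist", "cvs", "sftp", "scp", "svnserve")

# Constructed sample configuration (not the file shipped with rssh).
SAMPLE = """\
logfacility = LOG_USER
AllowSFTP                 # keywords are case insensitive
umask = 022
chrootpath = /usr/chroot
user = luser:022:000010:
user = "backup:027:100000:/usr/local/chroot dir"
"""

def parse_rssh_conf(text):
    """Return (global_settings, per_user_settings) for rssh.conf text."""
    glob = {"allowed": set(), "umask": None, "chrootpath": None}
    users = {}
    for raw in text.splitlines():
        # shlex strips '#' comments and resolves single/double quotes.
        line = " ".join(shlex.split(raw, comments=True))
        key, _, value = (part.strip() for part in line.partition("="))
        key = key.lower()
        if key.startswith("allow"):
            glob["allowed"].add(key[len("allow"):])
        elif key in ("umask", "chrootpath"):
            glob[key] = value
        elif key == "user":
            name, umask, bits, path = value.split(":", 3)
            if len(bits) != 6 or set(bits) - {"0", "1"}:
                raise ValueError(f"bad access bits for {name}: {bits!r}")
            allowed = {c for c, b in zip(ACCESS_ORDER, bits) if b == "1"}
            users[name] = {"allowed": allowed, "umask": umask,
                           "chrootpath": path or None}
    return glob, users

def effective(name, glob, users):
    """A user line replaces every global keyword for that user."""
    return users.get(name, glob)

def unjailed_overrides(glob, users):
    """Users whose user line silently drops the global chrootpath."""
    if not glob["chrootpath"]:
        return []
    return sorted(n for n, u in users.items() if not u["chrootpath"])

if __name__ == "__main__":
    g, u = parse_rssh_conf(SAMPLE)
    print(effective("luser", g, u), unjailed_overrides(g, u))
```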

SEE ALSO

       rssh(1),     sshd(8),    ssh(1),    scp(1),    sftp(1),    svnserve(8),
       syslogd.conf(5), chroot(2).