1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
# Sample configuration file for rush.
# Lines beginning with # and empty lines are ignored.
# See `info rush' for a detailed description.
# Set verbosity level.
debug 1
rule default
limits t10r20
umask 002
env - USER LOGNAME HOME PATH+=:/usr/local/bin
fall-through
rule cvs
command ^cvs server
set[0] /usr/bin/cvs
# Secure cp requests
rule scp-to
command ^scp (-v )?-t /incoming/(alpha|ftp)
set[0] /bin/scp
chroot /var/spool/sftp-upload
chdir /incoming
# A trap rule for outbound scp requests
rule scp-from
command ^scp (-v )?-f
exit Error: Secure copy from this server is not allowed
# Svn server: force full binary path and root directory.
rule svn
command ^svnserve -t
transform s|-r *[^ ]*||;s|^svnserve |/usr/bin/svnserve -r /svnroot |
# For git requests, allow access to repositories located under
# /vcs-roots/git
rule git
command ^git-(receive|upload)-pack
match[1] ^/vcs-roots/git/[^ ]+\.git$
transform[0] s|^|/usr/bin/|
# Trap the rest of Git requests:
rule git-trap
command ^git-(receive|upload)-pack
exit fatal: access to this repository is denied.
# Sftp-server requests: chroot into the user's home directory, set umask
# 002 and execute bin/sftp-server.
rule sftp
command ^.*/sftp-server
set[0] bin/sftp-server
umask 002
chroot ~
chdir /
|
