rset(1) : Formulas



The examples listed on are meant to give users a quick way to get started with a variety of tasks on various platform. The source for this web site is available as a snapshot

rm -r rset-www.git
git clone
cd rset-www.git

After adding or editing content (in Haml syntax), mail the output of git diff to

Feel free to add your name to the list of contributors in the HTML comment section of each page, along with a brief summary of the type of contribution you made

  Eric Radman <> 2018 - Initial draft


Source contributions to the rset(1) can be made by creating a pull request on GitHub.

If you prefer you may also mail a diff of your working copy to

Notes on the Security Model

For the most part rset(1) does not trust the remote hosts it manages, and takes several steps to prevent an attacker from reading configuration intended for another host. To this end, the following patterns are employed:

  1. Files and directories intended only for specific hosts are explicitly listed for each host. Only the contents of _rutils directory is copied implicitly.
  2. Scripts embedded in pln(5) files are not copied, they are piped to the interpreter over SSH. This ensures that temporary files are never left behind containing sensitive information.

Several measures are also taken to prevent the compromise of the host running rset

  1. Large files are serviced by a local web server (darkhttpd by default) which only serves content under _sources.
  2. On OpenBSD, pledge(2) is used to eliminate write access to system resources and to sandbox the http server.

Last updated on October 18, 2018