- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
This commit is contained in:
Darren Tucker
parent
08432d54fa
commit
19a66dbf4f
|
|
@ -1,5 +1,6 @@
|
|||
20060909
|
||||
- (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
|
||||
- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
|
||||
|
||||
20060908
|
||||
- (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
|
||||
|
|
@ -5418,4 +5419,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4538 2006/09/09 05:59:43 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.4539 2006/09/09 10:34:15 dtucker Exp $
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
|
||||
# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $
|
||||
# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $
|
||||
#
|
||||
# Author: Darren Tucker (dtucker at zip dot com dot au)
|
||||
# This file is placed in the public domain and comes with absolutely
|
||||
|
|
@ -200,33 +200,29 @@ do
|
|||
done
|
||||
echo
|
||||
|
||||
# Create PrivSep user if PrivSep not disabled in config
|
||||
echo Creating PrivSep prereqs if required.
|
||||
# Create PrivilegeSeparation user and group if not present
|
||||
echo Checking for PrivilegeSeparation user and group.
|
||||
if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||
then
|
||||
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
|
||||
mkgroup -A $SSH_PRIVSEP_USER
|
||||
fi
|
||||
|
||||
# Create user if required
|
||||
if lsuser "$SSH_PRIVSEP_USER" >/dev/null
|
||||
then
|
||||
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
|
||||
mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
|
||||
fi
|
||||
|
||||
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
|
||||
then
|
||||
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
|
||||
echo "group or chroot directory."
|
||||
echo UsePrivilegeSeparation not enabled, privsep directory not required.
|
||||
else
|
||||
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
|
||||
|
||||
# create group if required
|
||||
if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||
then
|
||||
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
|
||||
mkgroup -A $SSH_PRIVSEP_USER
|
||||
fi
|
||||
|
||||
# Create user if required
|
||||
if lsuser "$SSH_PRIVSEP_USER" >/dev/null
|
||||
then
|
||||
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
|
||||
else
|
||||
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
|
||||
mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
|
||||
fi
|
||||
|
||||
# create chroot directory if required
|
||||
if [ -d $PRIVSEP_PATH ]
|
||||
then
|
||||
|
|
|
|||
Loading…
Reference in New Issue