
Re: FHS compliance and UNIX sockets

Brian May <bam@debian.org> wrote:
>>>>>> "Herbert" == Herbert Xu <herbert@gondor.apana.org.au> writes:

>     Herbert> Yes, but presumably there is a daemon process which runs
>     Herbert> under a single uid.

> Not for ssh-agent. Exactly one daemon is started for every user who
> requires it. These daemons must be independent of each other (security
> reasons).

In that case, make ssh-agent setuid a new user who owns /var/run/ssh.
Then ssh-agent can create a directory under it for the user invoking
it and make it owned by that user.  The rest is trivial.

Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
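
Added example, not part of the original message or of ssh-agent's code: the per-user directory step described above, written as a C function that creates `<base>/<uid>` and refuses to use it unless it is a real directory owned by that uid with no group or other access. The function name `make_user_sockdir` and the temporary base directory standing in for /var/run/ssh are assumptions; the setuid account and the ownership hand-over are not modelled, and the code runs as the invoking user.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create (or reuse) <base>/<uid> as a private directory for the agent socket.
 * Returns 0 and fills `out` on success, -1 if the path cannot be trusted. */
int make_user_sockdir(const char *base, uid_t uid, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%lu", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* path would be truncated */

    /* 0700: only the owner may reach the socket inside. EEXIST is accepted,
     * but the existing entry must then pass every check below. */
    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return -1;

    /* lstat, not stat: a symlink planted under the name is not followed. */
    if (lstat(out, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return -1;                      /* symlink, regular file, fifo, ... */
    if (st.st_uid != uid)
        return -1;                      /* entry belongs to someone else */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;                      /* group/other could reach the socket */
    return 0;
}

int main(void)
{
    char base[] = "/tmp/sockdir-demo-XXXXXX"; /* constructed stand-in for /var/run/ssh */
    char dir[256];
    if (mkdtemp(base) == NULL)
        return 1;
    if (make_user_sockdir(base, getuid(), dir, sizeof dir) != 0) {
        fprintf(stderr, "refusing to use %s\n", dir);
        return 1;
    }
    printf("socket directory: %s\n", dir);
    return 0;
}
```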
