Re: Moving /home of a package account, and to where?
On Sun, 01 Jul 2012, Marc Haber wrote:
> > Yes, but it's user configuration not system configuration.
>
> A system user's .ssh is user configuration?
If it is intended to be manipulated by the local admin, yes, and it would
belong in /etc somewhere.
> > If you do want to have that as configuration in /etc, I'd
> > suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys
> > (or vice versa), like e.g. postgresql handles cluster configuration.
>
> Can you give a more visible example? Should /etc/foo/authorized_keys
> be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think
> that circumvents the FHS forbidding configuration in /var/lib just by
> making it accessible through /etc.
No. The real file goes in /etc, the symlink goes in /var/lib. But you may
need very tight permissions in the directory that hosts these to have sshd
tolerate it, if it will work at all.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: