
Re: Moving /home of a package account, and to where?



On Sun, 01 Jul 2012, Marc Haber wrote:
> > Yes, but it's user configuration not system configuration.
> 
> A system user's .ssh is user configuration?

If it is intended to be manipulated by the local admin, yes, and it would
belong in /etc somewhere.

> > If you do want to have that as configuration in /etc, I'd
> > suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys
> > (or vice versa), like e.g. postgresql handles cluster configuration.
> 
> Can you give a more visible example? Should /etc/foo/authorized_keys
> be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think
> that circumvents the FHS forbidding configuration in /var/lib just by
> making it accessible through /etc.

No.  The real file goes in /etc, the symlink goes in /var/lib.  But you may
need very tight permissions in the directory that hosts these to have sshd
tolerate it, if it will work at all.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
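
Added example, not part of the original message: a Python sketch of the ownership and mode walk that sshd's StrictModes is understood to apply to an authorized_keys path once symlinks are resolved (an assumption modelled on OpenSSH behaviour, not its code). The function names, the /etc/foo and /var/lib/foo layout under a temporary root, and the key line are constructed for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(keyfile, uid, home):
    """Walk from the resolved key file up to home (or /) and list every
    ownership or mode problem (assumed model of the StrictModes check)."""
    real = os.path.realpath(keyfile)        # the symlink is resolved first
    home = os.path.realpath(home)
    if not stat.S_ISREG(os.stat(real).st_mode):
        return [f"{real}: not a regular file"]
    problems = []
    cur = real
    while True:
        st = os.stat(cur)
        if st.st_uid not in (0, uid):       # owner must be root or the account
            problems.append(f"{cur}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:              # no group or world write bit
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{cur}: group/world-writable ({mode:04o})")
        parent = os.path.dirname(cur)
        if cur == home or parent == cur:    # stop at the home directory or at /
            return problems
        cur = parent

def build_layout(root):
    """Constructed layout: real file in etc/foo, symlink in var/lib/foo/.ssh."""
    etc = os.path.join(root, "etc", "foo")
    home = os.path.join(root, "var", "lib", "foo")
    os.makedirs(etc)
    os.makedirs(os.path.join(home, ".ssh"))
    os.chmod(os.path.dirname(etc), 0o755)   # set modes explicitly, umask may vary
    os.chmod(etc, 0o755)
    real = os.path.join(etc, "authorized_keys")
    with open(real, "w") as f:
        f.write("ssh-ed25519 AAAA...constructed foo@example\n")
    os.chmod(real, 0o644)
    link = os.path.join(home, ".ssh", "authorized_keys")
    os.symlink(real, link)
    return link, home, etc

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        link, home, etc = build_layout(root)
        os.chmod(etc, 0o775)                # a group-writable etc/foo
        for p in strictmodes_problems(link, os.getuid(), home):
            if p.startswith(root):          # skip the temp dir's own parents
                print(p)
```

Because the resolved file is not under the account's home, the walk covers the directory holding the real file and its parents rather than the .ssh directory holding the symlink.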

