Re: Moving /home of a package account, and to where?
On Sun, Jul 01, 2012 at 12:36:41PM -0300, Henrique de Moraes Holschuh wrote:
> On Sun, 01 Jul 2012, Marc Haber wrote:
> > > Yes, but it's user configuration not system configuration.
> >
> > A system user's .ssh is user configuration?
>
> If it is intended to be manipulated by the local admin, yes, and it would
> belong in /etc somewhere.
I would call that system configuration.
> > > If you do want to have that as configuration in /etc, I'd
> > > suggest symlinking it from /var/lib/foo to /etc/foo/authorized_keys
> > > (or vice versa), like e.g. postgresql handles cluster configuration.
> >
> > Can you give a more visible example? Should /etc/foo/authorized_keys
> > be a symlink to /var/lib/foo/home/.ssh/authorized_keys? I don't think
> > that circumvents the FHS forbidding configuration in /var/lib just by
> > making it accessible through /etc.
>
> No. The real file goes in /etc, the symlink goes in /var/lib. But you may
> need very tight permissions in the directory that hosts these to have sshd
> tolerate it, if it will work at all.
Does sshd honor symlinks when looking for authorized_keys? I am really
really astonished about with which ease we hurl RC bugs at packages
without having thought-out alternatives.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062
Reply to: